Linux machine users beware! There is a new Trojan in town that can turn your devices into cryptocurrency mining rigs without your knowledge.
Discovered by the Russian cyber security firm Dr. Web, Linux.Lady (Linux.lady.1) is a Trojan built to target machines running the Linux operating system. Written in the Go programming language, the malware has been found to specifically affect servers running the Redis NoSQL database. Once a machine is infected, Linux.Lady collects information about the system and transfers it to a command and control server. It then downloads and executes a cryptocurrency mining utility, turning the server into a cryptocurrency mining device.
According to reports, there are currently over 30,000 Redis servers which are vulnerable to Linux.Lady. The program, built using open source Go libraries freely available on GitHub, is supported by another Trojan called Linux.Downloader.196.
Linux.Downloader.196 is responsible for downloading the main payload after the infection. Dr. Web’s analysis has shown that Linux.Lady sends the following information to its command and control server over SSH:
- Trojan’s version
- Number of CPUs on the machine
- Host’s name
- Number of running processes
- Name of the operating system
- Family of the operating system
- Host’s uptime
Linux.Lady makes itself at home by detecting the infected computer’s external IP. Once the IP is