Sysrv Botnet Cryptomining Worm Seeking And Attacking Vulnerable Devices is a new cryptomining worm threat to be aware of, and it’s making the lives of IT Administrators who manage Windows and Linux environments nightmarish.
This news comes from a recently published report offered by a research firm called Juniper, which began monitoring the activities of the new Sysrv Botnet back in December of 2020.
One of the things that makes Sysrv a serious threat is the fact that it has worm-like abilities and can spread from one vulnerable device to another connected vulnerable device with ease. It can do that in record time, so what starts as a small, manageable problem can quickly spiral out of control.
Worse, the hacker or group behind the new Sysrv botnet cryptomining worm threat has been busily updating their malicious minions, giving the botnet an arsenal of exploits that have grown in size almost continually since the company first started tracking its activities.
Among other things, it can add SSH keys and use any of the following exploits:
- Drupal Ajax
- Mongo Express
- Saltstack
- ThinkPHP
- XML-RPC
The main goal of the person or persons behind this new Sysrv Botnet cryptomining worm threat seems to be to maximize cryptocurrency mining rewards.
The malware sets up to mine for the following mining pools:
- Xmr-eu1.nanopool.org:14444
- f2pool.com:13531
- minexmr.com:5555
The malware’s current designs are to mine XMR, and they’ve infected such a sufficient number of machines that they’re averaging about 1 XMR every two days. Between March 1st and March 28th of this year (2021) the wallet associated with the malware saw an increase of 8 XMR, worth about $1700.
Unfortunately, while the drain on computing power is bad enough on its own, that’s not the worst of it. Once a machine is infected with the Sysrv Botnet worm, it is entirely possible that Sysrv’s controllers could upload additional malware that could be genuinely destructive. All that to say, be on the alert for this one. It’s bad news and a growing threat.
