A recently discovered cryptomining botnet is actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero (XMRig) miner and self-spreader malware payloads.
First spotted by Alibaba Cloud (Aliyun) security researchers in February (who dubbed it Sysrv-hello) and active since December 2020, the botnet has also landed on the radars of researchers at Lacework Labs and Juniper Threat Labs after a surge of activity during March.
While, at first, it was using a multi-component architecture with the miner and worm (propagator) modules, the botnet has been upgraded to use a single binary capable of mining and auto-spreading the malware to other devices.
Read more…
Source: Bleeping Computer