New threat actor enhancing Linux cryptocurrency mining attacks identified
Trend Micro security researchers have identified an advanced remote access trojan (RAT) named CHAOS that enhances Linux cryptocurrency mining attacks. It is based on an open-source project in which the main downloader script and further payloads are hosted in different locations to ensure the campaign remains active and constantly spreading. Investigation shows that the main server appears to be in Russia, which is also used for cloud bulletproof hosting. Trend Micro researchers stated that the infection routine of cryptocurrency mining malware seems minor, but organisations and individuals should stay cautious.