22.Lock ScreenEffect

Cybersecurity researchers have spotted a new Linux malware downloader that targets poorly defended Linux servers with cryptocurrency miners and DDoS IRC bots.

Researchers from ASEC discovered the attack after the Shell Script Compiler (SHC) used to create the downloader was uploaded to VirusTotal. Apparently, Korean users were the ones uploading the SHC, and it’s Korean users who are targets, as well.

Further analysis has shown that the threat actors are going after poorly defended Linux servers, brute-forcing their way into administrator accounts over SSH.