Antivirus provider Kaspersky uncovers a sophisticated piece of ‘StripedFly’ malware camouflaged as a cryptocurrency miner that’s been targeting PCs for more than five years.

    • girsaysdoom@sh.itjust.works
      1 year ago

      From what it’s describing, it sounds like it would only impact Linux computers that allow SMB1 access, such as domain-joined systems with Samba access allowed. It sounds like this would target mainly enterprise Linux deployments, but home Linux setups should be fine for the most part.

      • Eyron@lemmy.world
        1 year ago

        They describe an SSH infector, as well as a credentials scanner. To me, that sounds like it started from exploited/infected Windows computers with SSH access, and then continued from there.

        With how many unencrypted SSH keys there are, how most hosts keep a list of the servers they SSH into, and how they can probably bypass some firewall protections once they’re inside the network: not a bad idea.

        • Salamendacious@lemmy.worldOP
          1 year ago

          I think the original article talked about “spreading” to Linux machines so that generally tracks with what you’re saying that it starts on a Windows machine that itself has access to a Linux machine.

    • Buffalox@lemmy.world
      1 year ago

      From the part you quoted earlier, it’s absolutely useless, and not worth reading.