Antivirus provider Kaspersky uncovers a sophisticated piece of ‘StripedFly’ malware camouflaged as a cryptocurrency miner that’s been targeting PCs for more than five years.

  • girsaysdoom@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    18
    ·
    edit-2
    1 year ago

    From what it’s describing, it sounds like it would only impact Linux computers that allow SMB1 access, such as domain-joined systems with samba access allowed. It sounds like this would target mainly enterprise Linux deployments but home Linux setups should be fine for the most part.

    • Eyron@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      They describe an SSH infector, as well as a credentials scanner. To me, that sounds like it started like from exploited/infected Windows computers with SSH access, and then continued from there.

      With how many unencrypted SSH keys there are, how most hosts keep a list of the servers they SSH into, and how they can probably bypass some firewall protections once they’re inside the network: not a bad idea.

      • Salamendacious@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        I think the original article talked about “spreading” to Linux machines so that generally tracks with what you’re saying that it starts on a Windows machine that itself has access to a Linux machine.