Antivirus provider Kaspersky uncovers a sophisticated piece of ‘StripedFly’ malware camouflaged as a cryptocurrency miner that’s been targeting PCs for more than five years.

  • Eyron@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    1 year ago

    They describe an SSH infector, as well as a credentials scanner. To me, that sounds like it started like from exploited/infected Windows computers with SSH access, and then continued from there.

    With how many unencrypted SSH keys there are, how most hosts keep a list of the servers they SSH into, and how they can probably bypass some firewall protections once they’re inside the network: not a bad idea.

    • Salamendacious@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      I think the original article talked about “spreading” to Linux machines so that generally tracks with what you’re saying that it starts on a Windows machine that itself has access to a Linux machine.