While trying to migrate some self-hosted apps to a new empty VPS yesterday, I noticed an unusually high load, issues during upgrade (initramfs scripts broke one by one because of missing libs) and a lot of network traffic with no actual services running.

I set up the server some days ago and installed a Portainer agent, but didn't configure it yet. Seems this is an ideal entry point for the #perfctl/#perfcc malware and a rootkit to use the server for CryptoJacking and ProxyJacking. The #Portainer agent waits for an initial connection from the Portainer server (and does so after every restart) - but if the attacker comes first, he wins. 🙄

Long story short: I reinstalled the server from scratch, use the Portainer Edge agent from now on (which reverses the communication direction) and keep an even closer eye on my monitoring.

More info about the attack vector can be found here:

https://blog.exatrack.com/Perfctl-using-portainer-and-new-persistences/
Perfctl malware exploiting exposed Portainer agent and using new SSH persistence

💥 Did you know? Perfctl malware has been silently mining cryptocurrency on Linux servers for years, undetected. 👀

💡 Pro tip: Always monitor your system for unusual CPU spikes or hidden processes like “httpd” that might be masquerading as legitimate services!

What measures are you taking to detect hidden malware on your servers? 🤔 Share your tips with the community below!👇

🔗 Dive deeper into how Perfctl exploits vulnerabilities and steals resources unnoticed! Check out our full analysis here: https://guardiansofcyber.com/threats-vulnerabilities/undetected-for-years-meet-perfctl-the-linux-malware-thats-mining-millions-in-cryptocurrency-right-under-your-nose/

#Cybersecurity #GuardiansOfCyber #Guardians #LinuxSecurity #Cryptojacking #Malware #Perfctl #ServerSecurity #CryptoMining #TOR #TechSecurity
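As an added illustration of the tip above (example code written for this page, not from the post or from any of the linked analyses): a small Python check that scans a process table for the signs the tip names, a service-like name such as "httpd" running from an untrusted path, a binary deleted from disk after launch, or CPU far above normal. The process rows and the trusted-directory list are constructed assumptions for the example.

```python
from typing import Dict, List

# Directories a packaged service binary is expected to run from (assumption for
# this example; adjust to the host's own layout).
TRUSTED_PREFIXES = ("/usr/sbin/", "/usr/bin/", "/usr/libexec/", "/usr/lib/",
                    "/sbin/", "/bin/", "/opt/")

# Constructed sample, one process per line: pid, %CPU, comm, and the path that
# /proc/<pid>/exe resolves to ("(deleted)" is what readlink shows when the
# on-disk file has been removed while the process keeps running).
SAMPLE_PROCESSES = """\
1234 0.3 httpd /usr/sbin/httpd
2345 98.7 httpd /tmp/.hidden/httpd (deleted)
3456 87.2 perfctl /var/tmp/.cache/perfctl
4567 1.1 sshd /usr/sbin/sshd
"""


def suspicious_processes(table: str, cpu_threshold: float = 80.0) -> List[Dict]:
    """Flag processes showing the signs named above: an executable outside the
    trusted directories, a binary deleted from disk, or CPU at or above
    cpu_threshold. Each finding lists every reason that applied."""
    findings = []
    for line in table.splitlines():
        if not line.strip():
            continue
        pid, cpu, comm, exe = line.split(None, 3)
        deleted = exe.endswith("(deleted)")
        exe_path = exe.replace("(deleted)", "").strip()
        reasons = []
        if not exe_path.startswith(TRUSTED_PREFIXES):
            reasons.append(f"{comm} runs from untrusted path {exe_path}")
        if deleted:
            reasons.append("executable deleted from disk while still running")
        if float(cpu) >= cpu_threshold:
            reasons.append(f"cpu {cpu}% at or above {cpu_threshold}% threshold")
        if reasons:
            findings.append({"pid": int(pid), "comm": comm, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in suspicious_processes(SAMPLE_PROCESSES):
        print(f"pid {f['pid']} ({f['comm']}): " + "; ".join(f["reasons"]))
```

On a live Linux host the same four columns can be produced from `ps -eo pid,pcpu,comm` joined with `readlink /proc/<pid>/exe` for each pid.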

Things worth worrying about: Perfctl, the malware that has been operating hidden on thousands of Linux servers since 2021

Far from being one of the stories we enjoy telling, the one about Perfctl deserves to be told carefully, unlike the

Linux malware "Perfctl" has apparently been infecting Linux servers for years

A sophisticated piece of malware is infecting misconfigured Linux servers on a massive scale. It went undetected for a long time, partly because of its good camouflage.

heise online

New [Perfctl] Malware Targets Linux Servers for Cryptocurrency Mining & Proxyjacking. 

According to Aqua Nautilus researchers who discovered perfctl, the malware likely targeted millions of Linux servers in recent years and possibly caused infections in several thousands of them.

https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/

#linux #server #perfctl #stealthy #malware #it #security #privacy #engineering #technology #media #news

perfctl: A Stealthy Malware Targeting Millions of Linux Servers

Perfctl is particularly elusive and persistent malware employing several sophisticated techniques

Aqua
Linux malware "Perfctl" has apparently been infecting Linux servers for years | heise online
https://heise.de/-9963118 #Cybercrime #Linux #LinuxServer #Malware #Perfctl

Stealthy Malware Has Infected Thousands of Linux Systems for Years | WIRED

📌 Summary:
Researchers recently reported that since 2021, thousands of Linux machines have been infected by a piece of malware called Perfctl. The malware exploits more than 20,000 common misconfigurations and can also exploit a patched Apache RocketMQ vulnerability (CVE-2023-33426). Perfctl's main characteristics are stealing CPU resources for cryptocurrency mining and hiding its own presence to ensure persistence, and it can carry out a range of malicious activities, including acting as a proxy server so that third parties can route their data through it. The researchers stress that detecting and removing this malware is very difficult, causing users considerable trouble.

🎯 Key Points:
- Perfctl malware: circulating on Linux systems since 2021, infecting hosts through misconfigurations and vulnerabilities.
- Resource harvesting: Perfctl steals CPU resources for cryptocurrency mining and can be turned into a proxy server to earn profit.
- Hiding techniques: the software uses rootkit techniques and obfuscated names to avoid detection, and can remain on the system permanently.
- Persistence as a feature: it stays active by modifying user login scripts and copying itself in memory, among other methods.
- Potential infections: researchers estimate that millions of machines worldwide may be at risk from this malware.

🔖 Keywords:
#Perfctl #Malware #Linux #Cryptocurrency #InfoSec

Stealthy Malware Has Infected Thousands of Linux Systems for Years

Perfctl malware is hard to detect, persists after reboots, and can perform a breadth of malicious activities.

WIRED
Thousands of Linux systems infected by stealthy malware since 2021

The ability to remain installed and undetected makes Perfctl hard to fight.

Ars Technica
Unnoticed malware infects thousands of Linux systems

A new piece of malware called Perfctl has infected thousands of Linux systems by exploiting misconfigurations and advanced techniques to detect

Tech Nieuws