Lemmy NZ

899 readers
39 users here now

Rules:

FAQ ~ NZ Community List ~ Join Matrix chatroom ~ Alternate frontends

founded 1 year ago
ADMINS
Dave
idanoo
AutoMod
listing: all - local
search
1
1
Thousands of Linux systems infected by stealthy malware since 2021 (arstechnica.com)
 
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/technology by /u/opamrega on 2024-10-04 13:03:04+00:00.

2
181
Thousands of Linux systems infected by stealthy malware since 2021 (arstechnica.com)
3
153
Thousands of Linux systems infected by "perfctl" malware since 2021 (arstechnica.com)
 
 

TLDR: perfctl is a crypto mining and proxy jacking malware that exploits about 20’000 common missconfigurations to install itself on Linux servers. Mostly using a 10/10 CVE on Apache RocketMQ.

It is very persistent and can reinstall itself even when you have deleted all the perfctl and perfcc files. It hides itself by removing logs, network packets, and stopping all activity once you login to the machine.

Monitoring cpu usage using tools (I use net data on my server) can help identify infections (100% cpu usage when « idle »).

4
1
Thousands of Linux systems infected by stealthy malware since 2021 (arstechnica.com)
 
 

The ability to remain installed and undetected makes Perfctl hard to fight.

view more: next ›