400k Linux Servers Hacked to Mine Cryptocurrency

A new report from cybersecurity researchers at ESET has uncovered a massive botnet comprised of over 400,000 compromised Linux servers being used for cryptocurrency theft and other illicit financial gain.

The botnet, operated by the threat group behind the Ebury malware, has been active since at least 2009 but has evolved significantly over the past decade.

Ebury’s Insidious Spread

The Ebury gang employs a variety of techniques to propagate the malware and expand their botnet:

Different methods used by the Ebury gang to compromise new servers
Different methods used by the Ebury gang to compromise new servers
  • Compromised Hosting Providers: Leveraging access to hosting companies’ infrastructure to install Ebury on all hosted servers
  • ARP Spoofing Attacks: Intercepting and redirecting SSH traffic inside data centers to capture credentials
  • Over 200 Bitcoin/Ethereum Nodes Targeted: Automatically stealing crypto wallets when victims log in

Free Webinar on Live API Attack Simulation: Book Your...

Exit mobile version