Summary: Researchers have uncovered a cryptocurrency mining botnet known as Outlaw, which exploits weak SSH credentials to propagate and control compromised systems. Active since 2018, it utilizes brute-force attacks and a multi-stage infection process to deploy malicious miners and maintain persistence. The botnet also exhibits features for self-propagation and remote control, using IRC channels for command and control operations.
Affected: SSH servers, Linux and Unix-based operating systems
Keypoints:
- Outlaw targets SSH servers through brute-force attacks, enabling cryptocurrency mining.
- The malware employs a multi-stage infection process involving scripts to download and execute mining payloads.
- Key features include self-propagation mechanisms, remote control via SHELLBOT, and techniques to maintain persistence and evade detection.
Source: https://thehackernews.com/2025/04/outlaw-group-uses-ssh-brute-force-to.html