Findings from the Special Ops team at United States cybersecurity company JASK reveal that a modified version of the Shellbot trojan has become increasingly prevalent since its debut in November last year.
The perpetrators, the company says, appear to be a Romanian hacker group known as Outlaw, a translation of the Romanian word “haiduc,” which also lends its name to one of the payloads the malware installs.
“The toolkit observed […] in use by the attacker contains three primary components: IRC (Internet Relay Chat) botware for Command and Control (C2), a revenue stream via Monero mining, and a popular scan and brute force tool, haiduc,” JASK confirmed.
The latest threat specifically targets users of devices running Linux. In mid-January, research from Palo Alto Networks found another Monero-mining malware targeting Linux users that had the ability to disable cloud-based security measures to avoid detection.