Shellbot: an old malware now mines Monero

By Alfredo de Candia - 5 May 2019

Recently, the Threat Stack and Security Operations Center (SOC) teams discovered a new evolution of Shellbot, a malware known since 2005, which has now been modified to mine Monero and to interrupt any other mining software active on the victim’s computer.

This type of malware was initially designed to break into a computer by brute-forcing its Secure Shell (SSH) service, the protocol used to gain remote access to the system.

The new version of Shellbot keeps the same features and adds the ability to mine the Monero (XMR) cryptocurrency, which is, unfortunately, the preferred coin for this type of operation because of the privacy it provides compared to other virtual currencies.

This malware also runs on Linux systems. To do so, it installs 3 components using customized scripts. The malware's command and control is located on an IRC (Internet Relay Chat) server, which allows checking and monitoring the status of the infected computer. According to some estimates made by the security team, this makes it possible to generate about $300 in Monero for each infected machine.

As stated by Sam Bisbee, Chief Security Officer of Threat Stack:

“The threat actors behind this campaign have shown the ability and willingness to update this malware with new functionality after it has gained a foothold on an infected system. They are fully capable of using this malware to exfiltrate, ransom or destroy data”.
