Krebs fan creates new Trojan

August 21, 2017

Miner Trojans, which use computer resources to mine cryptocurrencies, have been around since 2011. In recent years, interest in such malicious programs has not waned among criminals, as is evidenced by the emergence of new programs of this type.

Miner Trojans appear regularly, and Doctor Web’s virus analysts have noted a curious trend: the creators of these programs are now targeting the Linux platform. Smart devices running Linux have recently become very popular, and the owners of such devices are not changing the default settings, most notably the administrator login and password. This is why hacking into such devices is not a major problem for cybercriminals.

Linux.BtcMine.26 is yet another Miner Trojan for Linux devices. Its distribution scheme is similar to the infection mechanism of Linux.Mirai: cybercriminals connect to an attacked device using the Telnet protocol, after guessing the login and password, and then save the loader program on the device. Then, using a console command, they launch the loader from the terminal, and Linux.BtcMine.26 is downloaded to the device.

An analysis of the miner loader has revealed a peculiar feature of this app: krebsonsecurity.com is mentioned several times in its source code. This website is owned by well-known cybersecurity expert Brian Krebs. Apparently, the author of the Trojan is his secret admirer.

[Screenshot: Linux.BtcMine.26]

The Trojan is designed to mine Monero (XMR), a cryptocurrency created in 2014. Currently, Linux.BtcMine.26 builds are known to exist for the x86-64 and ARM hardware architectures. The characteristic signs that a miner is present are a decrease in device speed and an increase in heat emissions during device operation. The most reliable way to prevent devices from getting infected by such Trojans is to promptly change the default login and password. Complex passwords that cannot be compromised by a dictionary search are recommended. It is also recommended to restrict remote changes to a device’s settings when external connections are made to it.
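As an added example (not Doctor Web's code), the sketch below checks whether a Linux device is listening for Telnet connections, the channel the article names as the infection route, by parsing text in `/proc/net/tcp` format. The sample table, the port set and the function names are assumptions made for this illustration.

```python
"""Flag Telnet listeners from /proc/net/tcp-format text (added example)."""
import os

TCP_LISTEN = "0A"      # kernel socket state code for LISTEN
TELNET_PORTS = {23}    # Telnet's standard port; extend to match local policy

# Constructed sample in /proc/net/tcp layout (not taken from a real device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1302 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:0017 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1403 1 0000000000000000 100 0 0 10 0
"""


def decode_ipv4(hex_addr):
    """Decode an IPv4 address as printed by little-endian kernels (x86-64, common ARM builds)."""
    octets = [str(int(hex_addr[i:i + 2], 16)) for i in range(0, 8, 2)]
    return ".".join(reversed(octets))


def telnet_listeners(proc_net_tcp_text, ports=TELNET_PORTS):
    """Return (address, port, exposed) for each LISTEN socket on a Telnet port."""
    findings = []
    for line in proc_net_tcp_text.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue                                  # not a listening socket
        hex_addr, hex_port = fields[1].split(":")
        port = int(hex_port, 16)
        if port not in ports or len(hex_addr) != 8:   # IPv4 table only
            continue
        addr = decode_ipv4(hex_addr)
        # A listener bound to loopback is not reachable from the network.
        findings.append((addr, port, not addr.startswith("127.")))
    return findings


if __name__ == "__main__":
    path = "/proc/net/tcp"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for addr, port, exposed in telnet_listeners(text):
        status = "reachable from the network" if exposed else "loopback only"
        print(f"Telnet listener on {addr}:{port} ({status})")
```

A listener reported as reachable from the network is the one to disable or firewall, in addition to changing the default login and password.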

The Linux.BtcMine.26 signature has been added to the Dr.Web for Linux anti-virus database, so this Trojan does not pose a threat to our users.


© Doctor Web
2003 — 2017
