New Monero Cryptojacking Exploit For Linux Discovered, Targeting Old Software

Colin Muller

A dangerous new “cryptojacking” exploit targeting the Linux operating system has been discovered by a Russian security company called Dr.Web, who have unceremoniously named it “Linux.BtcMine.174.” The name is (fittingly) misleading, as the malware surreptitiously mines monero (XMR) rather than bitcoin (BTC). Cryptojacking is the hijacking of a user’s computing power in order to secretly mine cryptocurrency.

The exploit depends on one of two Linux vulnerabilities, CVE-2016-5195 and CVE-2013-2094, being left unpatched to provide an attack vector. According to the widely referenced vulnerability-tracking website cve.mitre.org, CVE-2013-2094 (as the “2013” in its name suggests) is present only in versions before 3.8.9, whereas CVE-2016-5195 affects versions before 4.8.3. (The current Linux version is 4.19.2.)

Linux.BtcMine.174 forces “root” access on the Linux-running device, which means it gains access to the entire file structure of the system. On most commercial computing devices, such primary access is either password-protected or completely sealed-off, even from the legal owner, as is the case with both iPhone and Android smartphones.

According to Dr.Web, the exploit then downloads several more utilities, in order to delete competing cryptojacking software and virus-scanning software, and to run the XMR mining script in perpetuity.

Update your software

As mentioned above, this exploit only affects older versions of Linux. This means that those running the latest software will not be vulnerable. This conclusion is consistent with a story CryptoGlobe reported on just days ago: another case of cryptojacking that resulted from leaving outdated software exposed to known exploits.

Monero is the ideal cryptocurrency to mine in such cases of cryptojacking, because of its privacy features which almost completely obfuscate the identities and amounts involved in transactions.

Incidents of cryptojacking are on the wane overall, while incidents of data theft and ransomware targeting businesses are on the rise. Cryptojacking skyrocketed in late 2017/early 2018, presumably due to the exploding prices of cryptoassets at that time. However, it is clear enough that even amid today’s collapsing market, the threat is still real.

Young Australian Woman Accused of Stealing 100,000 XRP Pleads Guilty

Siamak Masnavi

Katherine Nguyen, the first Australian charged with cryptocurrency theft, has pleaded guilty.

Background

On 25 October 2018, according to a report in media outlet "news.com.ua", police in the state of New South Wales in Australia arrested a 23-year-old woman from Sydney over the alleged theft of 100,000 XRP tokens.

Apparently, detectives from the State Crime Command’s Cybercrime Squad had set up a task force back in January 2018 to investigate the reported theft of 100,000 XRP tokens from a 56-year-old man. The investigators were told by the alleged victim that he was locked out of his email account for two days in mid-January 2018, but he thinks that his email account may have gotten hacked in December 2017.

After he managed to eventually get back control of his email account, he noticed some suspicious activity involving his cryptocurrency account, and when he checked this wallet, he found that almost all of the crypto there had disappeared.

However, after an approximately ten-month investigation, on 25 October 2018, detectives used a search warrant to get access to the young woman's home, arrested her, and took her to Ryde (a suburb of Sydney) Police station, where they charged her with "knowingly deal with proceeds of crime." 

The police were alleging that the woman (possibly with the help of others) took over the man's email account, changed his password, thereby locking him out of his account, and then set up two-factor authentication using a mobile phone number. It is further alleged that she then accessed his crypto account, and transferred his XRP tokens to a crypto exchange in China, where this XRP was converted to Bitcoin.

Latest Development

On Friday (August 23), Australian TV news channel 7NEWS sent out the following tweet:

According to their report, in January 2018, Nguyen, the alleged cryptocurrency thief, "hijacked" the email account of a 56-year-old man with the same surname as her.

The report goes on to say that although Nguyen has pleaded guilty, there is "still some dispute over the exact facts," which will hopefully be "settled at a special hearing in October" (this hearing has been given the task of preparing "a pre-sentence report").

When she is sentenced in October, there is a real possibility that she will have to go to jail.
