New Monero Cryptojacking Exploit For Linux Discovered, Targeting Old Software

Colin Muller

A dangerous new “cryptojacking” exploit targeting the Linux operating system has been discovered by a Russian security company called Dr.Web, who have unceremoniously named it “Linux.BtcMine.174.” The name is (fittingly) misleading, as the malware surreptitiously mines monero (XMR) rather than bitcoin (BTC). Cryptojacking is the hijacking of a user’s computing power in order to secretly mine cryptocurrency.

The exploit depends on one of two Linux vulnerabilities being open to form an attack vector, which are CVE-2016-5195 and CVE-2013-2094. According to the widely referenced exploit tracking website cve.mitre.org, CVE-2013-2094 (as the “2013” name suggests) is only present on versions before 3.8.9; whereas CVE-2016-5195 affects versions before 4.8.3. (The current Linux version is 4.19.2.)

Linux.BtcMine.174 forces “root” access on the Linux-running device, which means it gains access to the entire file structure of the system. On most commercial computing devices, such primary access is either password-protected or completely sealed-off, even from the legal owner, as is the case with both iPhone and Android smartphones.

According to Dr.Web, the exploit then downloads several more utilities, in order to delete competing cryptojacking software and virus-scanning software, and to run the XMR mining script in perpetuity.

Update your software

As mentioned above, this exploit only affects older versions of Linux. This means that those running the latest software will not be vulnerable. This conclusion is consonant with a story CryptoGlobe reported on just days ago, in another case of cryptojacking resulting from leaving unupdated software vulnerable to known exploits.

Monero is the ideal cryptocurrency to mine in such cases of cryptojacking, because of its privacy features which almost completely obfuscate the identities and amounts involved in transactions.

Incidence of cryptojacking are on the wane overall, while incidence of data theft and ransomware targeting businesses is on the rise. Cryptojacking skyrocketed in late 2017/early 2018, presumably due to the exploding prices of cryptoassets at that time. However, it is clear enough that even amid today’s collapsing market, the threat is still real.

Token Listing Guidelines for Binance DEX

On Thursday (April 25), Binance unveiled guidelines for listing tokens on Binance DEX, its new decentralized exchange, and said that these guidelines would enable Binance DEX "to facilitate a larger number of crowd-vetted projects, hopefully listing 10x more tokens than currently listed on Binance.com."

Despite what some people think, issuing a token on Binance Chain does not mean that the new token will automatically get listed on Binance DEX. Binance, which has been criticized like most other centralized exchanges for having an opaque listing process, is hoping that the new "transparent and community-driven" listing process for Binance DEX will finally satisfy most if not all of its detractors.

The Binance DEX listing process consists of the following steps:

  • 1. Proposal
    • "It is recommended that Token Issuers first create a thread under the “Token Issuance & Listings” category in the Binance Chain Community Forum."
    • "It is recommended that this public thread contain full answers to the Binance DEX Token Listing Submission Criteria..."
    • "Token Issuers must initiate an on-chain Proposal Request (fee of 10 BNB) to list a trading pair for a token."
    • "Token Issuers must request BNB as the quote asset for their first trading pair. For example, ABC/BNB."
    • "Once the proposal request is submitted, Token Issuers must post the Proposal ID to their proposal thread in the forum as a ‘reply’."
  • 2. Deposit
    • "Once the proposal request is sent, Token Issuers will need to deposit at least 1,000 BNB within 2 days."
    • "Proposals that do not receive sufficient deposits within this timeframe will not be able to move on to the voting stage and their deposit will not be refunded."
    • "If the Vote passes in Step 3 (majority 'Yes'), the 1,000 BNB deposit will be refunded."
  • 3. Vote
    • "At least half of the voting power is required to vote 'Yes' for the proposal to be accepted."
    • "Binance Chain Validators can vote for either 'Yes', 'No', 'NoWithVeto', or 'Abstain' within the time period specified in the proposal request."
    • "The 1,000 BNB deposit will be refunded if the majority of Validators vote for 'Abstain'."
    • "Proposals are denied if one third of the Validators vote 'NoWithVeto' or if half of the Validators vote 'No'."
    • "Denied proposals will lose all the funds deposited, however this result will only occur in rare circumstances when there is relatively clear fraud, scam or spam."
  • 4. List
    • "If the vote is passed, the Token Issuer will need to initiate a 'List' transaction on-chain (2,000 BNB fee) within the timeframe specified in the proposal, while the previous 1,000 BNB deposit will be refunded back to the proposing user."
    • "The trading pairs will be live immediately after this request is completed."

Binance DEX Listing Process Workflow Screenshot.png

Binance says that the "listing application, project information, vote results and all community interaction will be public on the Binance Chain Community Forum," that the decisions of the Binance Chain Validators (who are the only ones with the power to vote) are "purely based on public information in the forum," and that there is no other way "for projects to contact Binance Chain Validators."

One interesting thing to point out is that although the Binance DEX listing fee has been set to 2,000 BNB (currently, according to CryptoCompare, worth around $45,580), originally Binance CEO Changpeng Zhao (aka "CZ") was thinking of making the listing fee on Binance DEX be around $100,000, as he mentioned in his first Ask Me Anything (AMA) session on February 7:

"There will be a listing fee on the DEX. I actually deliberately want to set that a little bit high, just so we reduce the number of spam or scam projects. And there’s also a voting process by the validators to be listed on the DEX. So there’s a fee, I think the fee will be probably close to $100K US, so we’ll see. But the fee is adjustable over time, it’s quite easy to change."

Earlier today, Mithril, the first crypto project to migrate its token (MITH) to Binance Chain, got listed on Binance DEX:

 

All Images Courtesy of Binance