A well-known malware program called Shellbot has reportedly been updated with new capabilities that allow it to secretly mine cryptocurrency using users’ computing resources without their consent, turning it into a cryptojacking program.

Secretly Mining Cryptocurrency, Without Users’ Consent

According to a report published on May 1, 2019 by TechCrunch, Threat Stack, a US-based online security company, first detected the Shellbot malware in 2005. However, the malware has only now been upgraded to allow attackers to secretly mine cryptocurrencies using the computing resources of users, without their consent.

The first version of the Shellbot program was reportedly designed to brute-force the credentials associated with SSH (Secure Shell), a standard internet-based protocol used to provide secure access to remote systems. When it was first introduced, the Shellbot malware was reportedly able to compromise Linux servers that used weak passwords.

The latest release of the Shellbot malware allows its administrators to mine the privacy-oriented cryptocurrency Monero (XMR). According to researchers at Threat Stack, it can potentially infiltrate and take over an entire computer network by preventing other users from mining cryptocurrencies or performing other tasks.

New Version Found On Linux Servers

Notably, the research team at Threat Stack has detected a new release of Shellbot on Linux machines, which consists of three different components that are installed using a script.

As noted by Threat Stack’s security researchers, the command and control server of the Shellbot malware is an Internet Relay Chat (IRC) server, which allows attackers to issue commands while monitoring the status of targeted computers. According to Threat Stack’s estimates, the Shellbot malware has been generating around $300 per day in XMR from each affected machine, and this figure may increase further.

Commenting on the matter, Sam Bisbee, the Chief Security Officer at Threat Stack, told TechCrunch:

The threat actors behind this campaign have shown the ability and willingness to update this malware with new functionality after it has gained a foothold on an infected system. They are fully capable of using this malware to exfiltrate, ransom, or destroy data.

Cryptojacking Incidents Drop 79%

Last week, reports from Malwarebytes, a leading antivirus solution provider, revealed that the number of cryptojacking incidents has decreased significantly. The firm’s data showed that crypto mining malware attacks dropped by around 79% since last year.

The report noted that the main reason for the decline in the number of cryptojacking attacks may be CoinHive, a leading provider of crypto mining software, shutting down in February of this year.