Science and Tech

Ebury botnet compromises nearly 400,000 Linux servers over 15 years to steal cryptocurrencies

May 17. (Portaltic/EP) –

ESET researchers have shared new findings on the Ebury ‘botnet’, a ‘malware’ operation that, over its 15 years of activity, has compromised around 400,000 Linux servers, 100,000 of which were still compromised at the end of 2023, and has used them to steal cryptocurrency and bank card data.

A ‘botnet’ is a network of computing devices, such as computers, known as ‘bots’, which, once infected with ‘malware’, are controlled remotely by malicious actors and can be used together to carry out malicious activities.

The Ebury botnet has been active since 2009 and, over the last 15 years, has been used as a backdoor to compromise around 400,000 Linux, FreeBSD and OpenBSD servers, 100,000 of which were still compromised at the end of 2023.

Cybersecurity experts have warned that “in many of these cases” the malicious actors behind Ebury were able to gain full access to “large servers from well-known ISPs and hosting providers.” As a result, they have stolen credit card data and even cryptocurrency.

This is detailed in an in-depth ESET study of the Ebury botnet, which the researchers describe as “one of the most advanced server-side ‘malware’ campaigns.”

ESET first reported on Ebury in 2014 with the publication of a technical paper on Operation Windigo, a campaign in which cybercriminals used multiple malware families working together, “with the Ebury malware family at the core.”

As a result, as the company recalled in a statement on its website, the Dutch National High Tech Crime Unit (NHTCU) intervened, eventually arresting one of the malicious actors behind the campaign.

Currently, ESET has identified the use of Ebury to proxy ‘spam’ traffic and to conduct adversary-in-the-middle (AitM) attacks on more than 200 targets, such as Bitcoin and Ethereum cryptocurrency nodes, spread across 75 networks and 34 countries, between February 2022 and March 2023. With it, cybercriminals have managed to steal cryptocurrency, credentials and users’ credit card data.

Furthermore, in examining the group’s modus operandi, researchers found that the cybercriminals created and deployed new ‘malware’ families to profit from the ‘botnet’, including a kernel module (a file containing code that extends the operating system kernel) used to redirect web traffic.

Likewise, the Ebury cybercriminals also used zero-day vulnerabilities in administration ‘software’ to compromise servers en masse.

THREAT TO THE LINUX COMMUNITY

According to ESET’s research, Ebury’s victims include universities, small and large companies, Internet service providers and cryptocurrency traders. As ESET researcher Marc-Etienne M. Léveillé points out, “There is no geographical limit to Ebury,” since there are currently compromised servers in almost every country in the world.

In this context, Léveillé stressed that Ebury “poses a serious threat and challenge to the Linux security community,” since at present “there is no simple solution that renders Ebury ineffective.”

He also warned that Ebury’s ‘malware’ does not only affect those who “care less about security”; rather, “the list of victims includes many very technology-savvy people and large organizations.”