DreamBus Botnet Targets Linux Systems

Researchers Say It Hijacks Powerful Computer Systems to Mine Monero

A diagram of the DreamBus botnet architecture (Source: Zscaler)

Zscaler’s ThreatLabz research team is tracking a new botnet dubbed DreamBus that’s installing the XMRig cryptominer on powerful enterprise-class Linux and Unix systems with the goal of using their computing power to mine Monero.

DreamBus presents a serious threat because of the many components it uses to spread via the internet and the wormlike behavior that enables it to move laterally once inside a targeted system, ThreatLabz says. Many of the bot’s components have previously been detected, some as far back as 2018, the report states.

Based on the time stamps associated with the deployment of new commands, Zscaler believes the attackers are located in Russia or Eastern Europe. Zscaler does not know how many organizations have been hit.

Attack Route

DreamBus, which is based on a series of Executable and Linkable Format (ELF) binaries and Unix shell scripts, uses a number of methods to identify victims. These include using different modules to search for targets with weak passwords or remote code execution vulnerabilities in popular enterprise applications, such as Secure Shell, as well as IT administration tools, cloud-based applications and databases,…