DreamBus Botnet Targets Linux Systems
Researchers Say It Hijacks Powerful Computer Systems to Mine Monero
DreamBus presents a serious threat because of the many components it uses to spread via the internet and the wormlike behavior that enables it to move laterally once inside a targeted system, ThreatLabz says. Many of the bot’s components have previously been detected, some as far back as 2018, the report states.
Based on the time stamps associated with the deployment of new commands, Zscaler believes the attackers are located in Russia or Eastern Europe. Zscaler does not know how many organizations have been hit.
Attack Route
DreamBus, which is based on a series of Executable and Linkable Format (ELF) binaries and Unix shell scripts, uses a number of methods to identify victims. These include using different modules to search for targets with weak passwords or remote code execution vulnerabilities in popular enterprise applications, such as Secure Shell, as well as IT administration tools, cloud-based applications and databases,…