OUTLAW Malware Targets Linux Systems via SSH Brute-Forcing and Modified Miners

A new malware named OUTLAW is actively targeting Linux systems, leveraging SSH brute-forcing and modified cryptocurrency miners to establish persistence and expand its botnet. This malware poses a significant threat due to its simplicity and effectiveness in compromising vulnerable systems.

Key Tactics of OUTLAW Malware

  • SSH Brute-Forcing: Automates credential attacks to gain unauthorized access.
  • Modified Miners: Deploys altered cryptocurrency miners for resource exploitation.
  • Botnet Expansion: Uses compromised systems to spread further.

You Should Know: Essential Commands & Countermeasures

1. Detect SSH Brute-Force Attempts

Check for repeated failed login attempts in the auth log (`/var/log/secure` on RHEL-based systems):

sudo grep "Failed password" /var/log/auth.log

Block repeated IPs with `fail2ban`:

sudo apt install fail2ban 
sudo systemctl enable fail2ban 
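As an added example (not code from the original post or from the OUTLAW analysis), the following Python script does what the grep above does by hand over a constructed sample of auth.log lines: it counts failed logins per source IP, flags sources at or above a threshold, and reports the signal that matters most, an accepted login that follows a run of failures from the same IP. The log format, the documentation-range IPs and the threshold are assumptions.

```python
import re
from collections import defaultdict

# sshd lines in the classic syslog layout of /var/log/auth.log (assumed format).
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]+\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted)\s(?:password|publickey)\sfor\s"
    r"(?:invalid user\s)?(?P<user>\S+)\sfrom\s(?P<ip>[\d.]+)\sport\s\d+"
)

def analyze_auth_log(lines, threshold=5):
    """Return (failures, flagged, compromised).

    failures:    ip -> count of failed logins
    flagged:     IPs with at least `threshold` failures (brute-force sources)
    compromised: (ip, user) where an Accepted login followed a run of
                 `threshold`+ failures from that IP, i.e. a guess worked
    """
    failures = defaultdict(int)
    compromised = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd auth result line
        ip = m.group("ip")
        if m.group("result") == "Failed":
            failures[ip] += 1
        elif failures.get(ip, 0) >= threshold:
            compromised.append((ip, m.group("user")))
    flagged = sorted(ip for ip, n in failures.items() if n >= threshold)
    return dict(failures), flagged, compromised

# Constructed sample log (documentation-range IPs); not real telemetry.
SAMPLE_LOG = [
    f"Apr  1 10:00:0{i} host sshd[120{i}]: Failed password for invalid user "
    f"admin from 203.0.113.7 port 4012{i} ssh2"
    for i in range(1, 6)
] + [
    "Apr  1 10:00:09 host sshd[1206]: Accepted password for ubuntu from 203.0.113.7 port 40130 ssh2",
    "Apr  1 10:01:00 host sshd[1210]: Failed password for root from 198.51.100.4 port 51000 ssh2",
    "Apr  1 10:02:00 host sshd[1211]: Accepted publickey for alice from 192.0.2.10 port 52000 ssh2",
    "Apr  1 10:02:05 host CRON[1300]: pam_unix(cron:session): session opened for user root by (uid=0)",
]

if __name__ == "__main__":
    failures, flagged, compromised = analyze_auth_log(SAMPLE_LOG)
    print("failures per IP:", failures)
    print("brute-force sources:", flagged)
    print("successful logins after brute force:", compromised)
```

An entry in the third list is the cue to treat the host as compromised rather than merely probed, and to move on to the process, network and cron checks below.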

2. Secure SSH Access

Disable root login and enforce key-based authentication (confirm that your key-based login works before turning off passwords, or you can lock yourself out):

sudo nano /etc/ssh/sshd_config 

Add/Modify:

PermitRootLogin no 
PasswordAuthentication no 

Restart SSH (the unit is named `ssh` on Debian/Ubuntu):

sudo systemctl restart sshd

3. Check for Malicious Processes

List active processes and check for unknown miners:

top -c 
ps aux | grep -E "minerd|cpuminer" 

Kill suspicious processes:

sudo kill -9 <PID> 

4. Monitor Network Connections

Identify unexpected outbound connections by listing established sockets with their owning process (`ss -tunp` is the modern equivalent):

sudo netstat -tunp

Block malicious IPs with `iptables`:

sudo iptables -A INPUT -s <MALICIOUS_IP> -j DROP 

5. Remove Persistence Mechanisms

Check cron jobs for malicious tasks (the current user's crontab and the system crontab; also review `/etc/cron.d` and other users' crontabs):

crontab -l
sudo nano /etc/crontab

Remove unauthorized entries.

What Undercode Says

The OUTLAW malware exemplifies the growing threat of Linux-targeting attacks. Defending against such threats requires:
– SSH Hardening (disable passwords, use fail2ban).
– Continuous Monitoring (logs, network, processes).
– Automated Patching (keep systems updated).

Additional Security Commands

  • Scan for rootkits:
    sudo rkhunter --check 
    
  • Check file integrity:
    sudo aide --check 
    
  • List open network sockets and the processes holding them (useful for spotting a miner's pool connection):
    sudo lsof -i
    

Stay vigilant—automate defenses and enforce strict access controls.

Expected Output:

  • Detected brute-force attempts in /var/log/auth.log.
  • Blocked malicious IP via iptables.
  • Removed unauthorized cron jobs.
  • Terminated suspicious miner processes.

Reference: OUTLAW Malware Analysis

Reported By: Hendryadrian Linuxmalware – Hackers Feeds