Perfctl Campaign Exploits Millions of Linux Servers for Crypto Mining and Proxyjacking (socradar.io)
from Joker@sh.itjust.works to cybersecurity@infosec.pub on 25 Nov 2024 13:36
https://sh.itjust.works/post/28602317

Linux servers, the backbone of countless organizations worldwide, have recently come under siege by a stealthy and highly evasive malware known as Perfctl. This malware campaign is proving to be one of the most advanced threats targeting Linux environments today. Designed to bypass traditional security defenses, the campaign silently infiltrates servers, using advanced techniques to mine cryptocurrency and perform proxyjacking – a tactic that abuses server resources to facilitate other cyber operations.

#cybersecurity

MajorHavoc@programming.dev on 25 Nov 2024 14:15

I’m not sure that the image is the only thing AI generated in this one.

I didn’t catch a single novel detail about Perfctl to support the claim that it’s one of the most advanced threats. I’m not saying it’s not, just that I didn’t catch in this article why it is.

Maybe it’s there among all the noise and I just missed it.

There’s a lot of the usual stuff. Maybe the novelty is just having it all in one worm? Other worms effectively have the same impact since they usually phone home, anyway, and a human invokes each of those other tools, if able.

TL;DR: Worm targets Bitcoin, but isn’t above using infected open source developer packages (citation missing though - would love to know which packages). Uses usual techniques for usual reasons.

Maybe the novelty is that a bunch of the usual manual steps are maybe being invoked automatically? It’s not clear.

Edit: I also couldn’t find a source for the claim of millions of infected servers. This one feels more like a consulting flier selling to inept CISOs than cybersecurity news.