The modified Shellbot trojan is thought to have originated from a Romanian hacker collective.
Findings from the Special Ops team at United States cybersecurity company JASK reveal a modified version of trojan Shellbot has become increasingly prevalent since its debut in November last year.
The perpetrators, the company says, appear to be a Romanian hacker group known as Outlaw, a translation of the Romanian word “haiduc,” which also lends its name to one of the payloads the malware installs.
“The toolkit observed […] in use by the attacker contains three primary components: IRC (Internet Relay Chat) botware for Command and Control (C2), a revenue stream via Monero mining, and a popular scan and brute force tool, haiduc,” JASK confirmed.
The latest threat specifically targets users of devices running Linux. In mid-January, research from Palo Alto Networks found another Monero-mining malware targeting Linux users that had the ability to disable cloud-based security measures to avoid detection.
As Cointelegraph reported, so-called “cryptojacking attacks” — installing malware which secretly mines cryptocurrency on a victim’s device — have become considerably more widespread over the past year.
Malware detections shot up almost 500 percent in the first half of 2018, while a survey in August 2018 claimed that in the United Kingdom alone, over half of businesses had been affected by cryptojacking at some point.
This year, separate statistics suggested that around 4.4 percent of all XMR in circulation came from nefarious sources.