According to a recent report, a new botnet is spreading cryptomining malware and has already infected over 20,000 Linux machines. Dubbed “Lucky,” this botnet primarily targets IoT (Internet of Things) devices and Linux servers.
Researchers say the botnet gains access to vulnerable devices by brute force: it tries numerous combinations of login credentials until one succeeds. Lucky was first discovered by security researcher Ankit Anubhav, who found that the botnet worked by brute-forcing Telnet servers with weak login credentials. Once access is gained, the malware installs a cryptominer program called “MRK-Roo-0s” onto the infected device.
The botnet also uses various techniques to remain undetected, including randomizing the port it uses and switching its connection on an hourly basis.
Experts say that any Linux device with weak login credentials could be vulnerable to Lucky, including IoT devices, servers, and routers. To guard against this threat, experts recommend that users ensure they use strong login credentials and employ additional security measures like multifactor authentication.
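
A defender's view of the Telnet brute-forcing described above, as an added example that is not from the original report: a sliding-window detector that flags a source address with repeated failed logins and any login from it that succeeds afterwards. The log lines are constructed, and the message format (util-linux login(1) messages with ISO timestamps), the `detect` function and its thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not from a real incident). Assumed format: ISO
# timestamps plus the messages util-linux login(1) writes for Telnet sessions.
SAMPLE_LOG = """\
2024-01-01T03:00:01 cam01 login[811]: FAILED LOGIN 1 FROM 203.0.113.7 FOR root, Authentication failure
2024-01-01T03:00:03 cam01 login[812]: FAILED LOGIN 1 FROM 203.0.113.7 FOR admin, Authentication failure
2024-01-01T03:00:05 cam01 login[813]: FAILED LOGIN 1 FROM 203.0.113.7 FOR support, Authentication failure
2024-01-01T03:00:06 cam01 login[814]: FAILED LOGIN 1 FROM 198.51.100.20 FOR alice, Authentication failure
2024-01-01T03:00:08 cam01 login[815]: FAILED LOGIN 1 FROM 203.0.113.7 FOR guest, Authentication failure
2024-01-01T03:00:10 cam01 login[816]: FAILED LOGIN 1 FROM 203.0.113.7 FOR user, Authentication failure
2024-01-01T03:00:12 cam01 login[817]: LOGIN ON pts/0 BY admin FROM 203.0.113.7
2024-01-01T03:05:00 cam01 login[830]: LOGIN ON pts/1 BY alice FROM 198.51.100.20
"""

FAILED = re.compile(r"^(\S+) \S+ login\[\d+\]: FAILED LOGIN \d+ FROM (\S+) FOR ([^,]+),")
OK = re.compile(r"^(\S+) \S+ login\[\d+\]: LOGIN ON \S+ BY (\S+) FROM (\S+)")

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (bruteforce, compromised): source IPs that reached `threshold`
    failures within `window`, and (ip, user) logins that succeeded afterwards."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    users = defaultdict(set)      # ip -> every username seen failing from it
    bruteforce, compromised = {}, []
    for line in log_text.splitlines():
        if m := FAILED.match(line):
            ts, ip, user = datetime.fromisoformat(m[1]), m[2], m[3]
            q = recent[ip]
            q.append(ts)
            users[ip].add(user)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                bruteforce[ip] = sorted(users[ip])
        elif m := OK.match(line):
            user, ip = m[2], m[3]
            if ip in bruteforce:        # a guess worked: treat host as compromised
                compromised.append((ip, user))
    return bruteforce, compromised

if __name__ == "__main__":
    brute, owned = detect(SAMPLE_LOG)
    for ip, names in brute.items():
        print(f"brute force from {ip}, usernames tried: {names}")
    for ip, user in owned:
        print(f"successful login as {user} from {ip} after brute force")
```

A success that follows a flagged burst is the event to escalate, since it means a guessed credential worked and a miner install may follow.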