Lady Trojan Turns Linux Servers Into Bitcoin Miners

In response to the news that Linux.Lady, a Go-based Linux Trojan that mines cryptocurrency, has been uncovered by researchers Ken Bechtel, Malware Research Analyst at Tenable Network Security commented below.

Ken Bechtel, Malware Research Analyst at Tenable Network Security:

Ken Bechtel“This is far from the first Linux malware; there have been Linux viruses, Trojans, backdoors and worms dating back to the ’80s. While these often are overlooked as annoying, they are out there and exist.  The reason they are not more prevalent is that the Linux Operating System is not as common as Microsoft or Apple’s versions.  In reality every operating system, dating back to CPM has at least one piece of malware written for the platform. In this case, my best guess would be that the malware authors were looking for a new venue of cryptocurrency mining and to leverage under-protected devices so as to leapfrog into an organization. This can also be leveraged for future attacks against other devices on the compromised network, once a reconnaissance is carried out.
“Organisation should remember to treat the Linux devices within the organization like every other computing device.  It’s also critical to install and maintain host security products and harden the operating system. If necessary, due to lack of native scanners, leverage anti-malware products to remote scan the device periodically, per industry best practices.
“I hope this reminds network managers and security administrators that ALL devices are vulnerable to attack and that just because the threat is not as prevalent as on Windows, that doesn’t mean it’s immune to attack. Many people have said “I don’t need Anti-Virus, I run Linux/Mac/etc.,” and every few years I like to remind people this isn’t the case, and that all devices need to be protected.”



In this article