Security researchers have spotted a new strain of malware being deployed online. Named RubyMiner, this malware is a cryptocurrency miner that targets outdated web servers.
According to research published by Check Point and Certego, and information received by Bleeping Computer from Ixia, attacks started last week, on January 9-10.
Ixia security researcher Stefan Tanase told Bleeping Computer that the RubyMiner group uses a web server fingerprinting tool named p0f to scan and identify Linux and Windows servers running outdated software.
Once they identify unpatched servers, attackers deploy well-known exploits to gain a foothold on vulnerable servers and infect them with RubyMiner.
That malware campaign also utilized the same Ruby on Rails exploit deployed in the RubyMiner attacks, suggesting the same group that was behind those attacks is most likely now trying to spread RubyMiner.
Overall, there’s been a rise in attempts to spread cryptocurrency mining malware in recent months, especially malware that mines for Monero.
Submitted by: Arnfried Walbrecht