Bobcares
Client Area
Emergency Support
Latest | Server Management

Hackers infected Linux SSH Servers with Tsunami Botnet Malware

by | Jun 26, 2023

Learn how hackers infected Linux SSH Servers with Tsunami Botnet Malware. Our Server Management Support team is here to help you with your questions and concerns.

Hackers infected Linux SSH Servers with Tsunami Botnet Malware

If you have been following the news closely, you might have come across hackers infecting Linux SSH servers with Tsunami botnet malware recently.

This particular modus operandi involves using brute force to push Linux SSH servers to install several malware like the Tsunami DDoS bot, privilege escalation tools, ShellBot, log cleaners, as well as XMRig coin miner.

Hackers infected Linux SSH Servers with Tsunami Botnet MalwareSSH is an encrypted network communication protocol that enables logging into remote machines. Additionally, it supports TCP port forwarding, tunneling, and so on.

In fact, SSH is used by network administrators to manage Linux devices remotely. It helps them change the configuration, run commands, update software as well as troubleshoot issues.

Although, if the servers are not properly secured, it leaves them in plain sight for brute force attacks. In fact, this permits threat actors to keep trying several username-password combinations until they find the right one.

According to our experts, threat actors rely on dictionary attacks to log into SSH servers.
Once they log in, they run a command that executes a Bash script to download and run various malware.

This Bash script carries out different tasks that help take control of infected systems. Additionally, it installs a backdoor SSH account.

Some of the malware that has been used in the campaign includes:

  • ShellBot
  • Log Cleaner
  • ping6 file
  • XMRig CoinMiner

The Tsunami botnet works by using several threat actors simultaneously. With attacks like these leaving SSH vulnerable, it is critical to have a concrete security plan in place. Our experts recommend using having a complete security plan in place to prevent falling victim to such attacks.

[Need assistance with a different issue? Our team is available 24/7.]

Conclusion

To conclude, our Support Techs demonstrated how hackers infected SSH Servers with Tsunami Botnet Malware.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

Related posts:

  1. The value buster-backports is invalid for APT | Resolved
  2. Configure SSH Passwordless Login Authentication
  3. Mirai Variant V3G4 targets Linux Systems | Latest Security Update
  4. Spl_autoload Backdoor Malware| About

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

server management

Spend time on your business, not on your servers.

TALK TO US

Or click here to learn more.

Related Articles

  1. The value buster-backports is invalid for APT | Resolved
  2. Configure SSH Passwordless Login Authentication
  3. Mirai Variant V3G4 targets Linux Systems | Latest Security Update
  4. Spl_autoload Backdoor Malware| About

Never again lose customers to poor
server speed! Let us help you.

GET STARTED