
Gafgyt Botnet Targets Weak SSH for GPU Crypto Mining

  • Last updated February 6, 2025
  • written by
    Writer

August 15, 2024, San Francisco – A new Gafgyt botnet variant is targeting weak SSH passwords on cloud servers to harness GPU power for cryptocurrency mining, marking a dangerous shift in cybercriminal tactics.

A new variant of the notorious Gafgyt botnet has emerged, specifically targeting cloud servers with weak SSH passwords to exploit their GPU power for cryptocurrency mining. This alarming development underscores the evolving threat landscape, as cybercriminals shift focus from traditional DDoS attacks to more lucrative endeavors.

Cybersecurity experts at Aqua Security have revealed that this Gafgyt variant is actively brute-forcing its way into poorly secured SSH servers. Once inside, the botnet deploys a cryptomining payload that leverages the server’s GPU capabilities, turning compromised systems into profit-generating machines.

The cryptominer of choice, XMRig, is designed to mine Monero, a cryptocurrency known for its privacy features. Assaf Morag, a lead researcher at Aqua Security, noted:

In addition to exploiting weak SSH credentials, the botnet also terminates any competing malware on the host system, ensuring it can monopolize the server’s resources. The attack chain includes the use of a Go-based SSH scanner to propagate the malware across the internet, further expanding the botnet’s reach.

John Hultquist, Chief Analyst at Google’s Threat Intelligence team, commented on the broader implications, saying, “The shift from DDoS to cryptomining is indicative of how cybercriminals are adapting to maximize their financial gains. This trend is likely to continue as long as there are poorly secured servers available to exploit.”

As the threat of this new Gafgyt variant looms, cybersecurity professionals are urging organizations to strengthen their SSH security practices, including the use of strong passwords and two-factor authentication.
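For defenders, the intrusion pattern described above (repeated password failures from one source, then a successful password login) is visible in sshd authentication logs. The following is an added example, not code from Aqua Security or this article; the log lines are constructed samples and the failure threshold of 5 is an assumption to tune per environment.

```python
import re
from collections import defaultdict

# Constructed sample sshd auth-log lines (documentation IP ranges, hypothetical host).
SAMPLE_LOG = """\
Aug 15 03:12:01 gpu-node sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Aug 15 03:12:02 gpu-node sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Aug 15 03:12:03 gpu-node sshd[2103]: Failed password for invalid user ubuntu from 203.0.113.7 port 40116 ssh2
Aug 15 03:12:04 gpu-node sshd[2104]: Failed password for root from 203.0.113.7 port 40118 ssh2
Aug 15 03:12:05 gpu-node sshd[2105]: Failed password for root from 203.0.113.7 port 40120 ssh2
Aug 15 03:12:06 gpu-node sshd[2106]: Accepted password for root from 203.0.113.7 port 40122 ssh2
Aug 15 09:30:10 gpu-node sshd[3001]: Failed password for alice from 198.51.100.20 port 51500 ssh2
Aug 15 09:30:18 gpu-node sshd[3002]: Accepted password for alice from 198.51.100.20 port 51502 ssh2
Aug 15 10:02:44 gpu-node sshd[3100]: Accepted publickey for deploy from 192.0.2.10 port 60022 ssh2
"""

# Matches only password authentication events; public-key logins are ignored.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_bruteforce_logins(log_text, threshold=5):
    """Return (ip, user, prior_failures) for every password login accepted
    from a source that had already failed at least `threshold` times."""
    failures = defaultdict(int)
    hits = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            continue
        # Accepted password: flag it if it follows a run of failures.
        if failures[ip] >= threshold:
            hits.append((ip, m["user"], failures[ip]))
        failures[ip] = 0  # a success ends the current run for this source
    return hits

if __name__ == "__main__":
    for ip, user, count in find_bruteforce_logins(SAMPLE_LOG):
        print(f"ALERT: {ip} logged in as {user} after {count} failed passwords")
```

A hit means the account's password was guessed, so the host should be treated as compromised and the account moved to key-based or two-factor authentication.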

