New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking
A newly discovered malware, Perfctl, is actively exploiting vulnerable Linux servers to install cryptocurrency miners and proxyjacking software. This stealthy malware hides itself by mimicking legitimate processes, evading detection, and persisting even after system reboots.
- Perfctl is stealthy and persistent, halting activity when users log in and running only during idle times to avoid detection.
- The malware leverages a security flaw in Polkit (CVE-2021-4043) to escalate privileges and deploy a cryptocurrency miner known as perfcc.
- Perfctl disguises itself by adopting the names of legitimate Linux system processes, making detection challenging.
- Attackers exploit misconfigured Linux servers, using a vulnerable Apache RocketMQ instance to deliver the malware payload.
- The malware also installs a rootkit for defense evasion and, in some cases, retrieves proxyjacking software to divert network traffic for illicit gain.
- Systems infected with Perfctl may exhibit unusual spikes in CPU usage or slowdowns during idle periods, typical signs of hidden cryptocurrency mining.
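The following Python example is added here for illustration and is not code from the original post or from the researchers who analyzed Perfctl. It turns two of the behaviours listed above (borrowed system process names, and CPU use that stops when a user logs in) into triage heuristics run over constructed process samples. The `Sample` fields, the thresholds and the list of writable directories are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PurePosixPath

# Assumption: world-writable directories are an unusual home for a system binary.
WRITABLE_DIRS = ("/tmp", "/var/tmp", "/dev/shm")

@dataclass(frozen=True)
class Sample:
    pid: int
    comm: str        # process name as shown by ps/top
    exe: str         # resolved path of the running binary
    cpu_pct: float   # CPU use at sample time
    sessions: int    # interactive logins at sample time

def masquerading(s):
    """Name differs from the binary (comm is cut to 15 chars) or it runs from a writable dir."""
    path = PurePosixPath(s.exe)
    return path.name[:15] != s.comm[:15] or any(path.is_relative_to(d) for d in WRITABLE_DIRS)

def idle_only_cpu(group, busy=50.0, quiet=5.0):
    """High CPU with nobody logged in, near-zero CPU whenever someone is."""
    idle = [s.cpu_pct for s in group if s.sessions == 0]
    attended = [s.cpu_pct for s in group if s.sessions > 0]
    if not idle or not attended:
        return False  # both conditions must have been observed to compare
    return sum(idle) / len(idle) >= busy and max(attended) <= quiet

def triage(samples):
    """Return {pid: [reasons]} for processes matching either heuristic."""
    by_pid = defaultdict(list)
    for s in samples:
        by_pid[s.pid].append(s)
    findings = {}
    for pid, group in by_pid.items():
        reasons = [label for label, hit in (
            ("name/path mismatch", any(masquerading(s) for s in group)),
            ("CPU only while unattended", idle_only_cpu(group))) if hit]
        if reasons:
            findings[pid] = reasons
    return findings

SAMPLES = [  # constructed observations, not taken from a real host
    Sample(812, "sshd", "/usr/sbin/sshd", 0.4, 1),
    Sample(4410, "kworker", "/tmp/.cache/kworker", 96.0, 0),
    Sample(4410, "kworker", "/tmp/.cache/kworker", 0.0, 2),
    Sample(2051, "backup", "/usr/local/bin/backup", 88.0, 0),
    Sample(2051, "backup", "/usr/local/bin/backup", 85.0, 1),
]
```

A name mismatch on its own also matches scripts run through an interpreter, so treat findings as leads for investigation. The scheduled `backup` job in the sample data is not flagged because it keeps running while a user is logged in.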
The discovery of Perfctl emphasizes the growing threat to misconfigured and vulnerable Linux servers. Ensuring systems are up-to-date, implementing Role-Based Access Control (RBAC), and restricting unnecessary services are crucial steps to prevent such attacks.
Net Protector Cyber Security offers advanced endpoint protection, real-time malware detection, and server security solutions to safeguard critical infrastructures from sophisticated threats like Perfctl.