Malware that aims to mine cryptocurrencies has become quite popular as cryptocurrencies themselves rose to the spotlight, and there are a few examples of crypto-mining malware showing up on devices, sometimes even causing physical damage. However, a new virus targeting Linux does a little more than that, according to research from Dr.Web.
Linux.BtcMine.174 is the current name of the new strain, which mostly aims to mine the Monero cryptocurrency. In addition, this piece of malware, which contains over 1,000 lines of code, also tries to shut down running services, hide files, and potentially steal your password.
Among the many steps it takes to root itself into a system, the malware tries to move itself into a folder where it has write permissions, gain root access, and escalate its own privileges using known exploits. It also adds itself to the autorun list and installs a rootkit.
As it does all this and gains more power over the system, it tries to stop any other software that may be mining cryptocurrencies, stops services and deletes related files (many of them belonging to antivirus solutions), and mines Monero. The rootkit even allows it to capture passwords users enter into the su command, so it attacks on a variety of fronts.
In addition to all of that, the virus tries to find other systems to infect by looking at all the servers the system has connected to via SSH and then connecting to them itself.
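The spreading step above depends on the infected host keeping a readable record of where it has connected over SSH. The following added example (not code from the Dr.Web report, and the assumption that this record is the OpenSSH known_hosts file is mine) audits such a file from a defender's view: it parses each entry and reports which host names are stored in plaintext and could therefore be harvested, as opposed to entries written in hashed form by `HashKnownHosts yes`. The sample file is constructed.

```python
"""Audit an OpenSSH known_hosts file for plaintext host names (added example,
not the Dr.Web report's code). A worm that reuses a host's SSH trust can only
harvest targets from known_hosts if names are stored in the clear; with
`HashKnownHosts yes` each entry is written as `|1|<salt>|<hmac>` instead."""
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class KnownHost:
    hosts: List[str]  # readable host patterns; empty for hashed entries
    key_type: str
    hashed: bool

def parse_known_hosts(text: str) -> List[KnownHost]:
    entries: List[KnownHost] = []
    for raw in text.splitlines():
        fields = raw.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:  # need hosts, key type, key; skip malformed lines
            continue
        hostfield, key_type = fields[0], fields[1]
        if hostfield.startswith("|1|"):
            entries.append(KnownHost([], key_type, True))
        else:  # comma-separated patterns; "[host]:port" marks a non-default port
            entries.append(KnownHost(hostfield.split(","), key_type, False))
    return entries

def exposed_hosts(text: str) -> List[str]:
    """Names a process reading this file could harvest as its next SSH targets."""
    return sorted({h for e in parse_known_hosts(text) if not e.hashed for h in e.hosts})

def audit(text: str) -> Dict[str, int]:
    entries = parse_known_hosts(text)
    hashed = sum(e.hashed for e in entries)
    return {"entries": len(entries), "hashed": hashed, "plaintext": len(entries) - hashed}

# Constructed sample file; key material and host names are not real.
SAMPLE = """\
# constructed sample
build01.example.internal,10.0.0.12 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKE
[db-replica.example.internal]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABFAKE
|1|Qm9yaW5nU2FsdA==|ZmFrZWhhc2hmYWtlaGFzaA== ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKE
@revoked old-gw.example.internal ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABFAKE
"""
```

Running `audit` and `exposed_hosts` over a real host's `~/.ssh/known_hosts` shows how many lateral-movement targets the file would hand to anything that reads it; a file with zero plaintext entries gives a worm of this kind nothing to work with.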
The discovery is fairly recent, and there doesn't appear to be any form of mitigation so far, though you can use the Dr.Web antivirus to check whether you've been infected. You can read all the details about how the malware attacks your system in the Dr.Web database as well.