New Malware, Shellbot Revealed, with the Ability to Create Crypto Using Others’ Resources, Be Aware

On Wednesday, May 1, 2019, security-focused firm, Threat Stack disclosed the findings of a relatively new malware called Shellbot to TechCrunch. As per the claims made, Shellbot – which was first discovered on an unnamed US firm’s server – has the ability to infect computers with Linux servers that carry easy-to-break into passwords, and then using the resources found to create cryptocurrencies.

What initially involved using other people’s information to create money, has now developed so that it has the ability to infect a whole network that allows the malware to shut down cryptominers. In doing so, the availability and space of processing power increases, which then allows for the creation of more crypto.

As per the researchers at Threat Stack, “The main goal of this campaign appears to be monetary gain via cryptomining and propagating itself to other systems on the internet.” It was further noted that the malware has three components. Here’s an overview of what was described by TechCrunch:

1. A dropper script was used to install “malicious payload from the malware’s command and control server”
2. 272-line script is used to check for the presence of other crypto miners and creates a copy of itself to embed into the system
3. Monero tokens are created – a privacy-focused token

The income generating abilities of this malware is pretty insane, as it can do about $300 per day – “or $8,000 in total.”

According to Threat Stack’s Chief Security Officer, Sam Bisbee, Shellbot’s abilities have expanded tremendously to the point where, “They are fully capable […] to exfiltrate, ransom or destroy data,” not to mention, “being used broadly based on its capabilities.”