well fun morning, server from friends got epic haxored so i did forensics from my phone, in bed

- ssh with password auth enabled
- ssh'd into minecraft user with apparently weak password
- deployed payload, consisting of an irc c&c, and a monero miner disguised as 'kswapd0'

by far not the only ones, for example blog.alvarezp.org/2020/06/18/m

and slightly more in-depth writeup, yoroi.company/research/outlaw-
the 'c' component is actually what alerted us, with abuse email sent from another provider 'hey pls stop bruteforcing our hosts'
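
A check for the 'kswapd0' disguise described in the thread, added here as an example and not part of the original posts. A genuine kswapd0 is a kernel thread (child of PID 2, empty command line, root), so a process carrying that name that fails those tests is suspect. The function names, sample PIDs and the constructed /proc tree are assumptions for illustration.

```python
from pathlib import Path

KTHREADD_PID = 2  # genuine Linux kernel threads are children of kthreadd (PID 2)

def read_status(pid_dir):
    """Parse <pid>/status into a dict of field name -> value."""
    lines = (pid_dir / "status").read_text().splitlines()
    return {k: v.strip() for k, _, v in (l.partition(":") for l in lines)}

def find_fake_kernel_threads(proc_root="/proc", names=("kswapd0",)):
    """Return (pid, reasons) for processes named like a kernel thread
    that do not behave like one."""
    hits = []
    for pid_dir in Path(proc_root).iterdir():
        if not pid_dir.name.isdigit():
            continue
        try:
            status = read_status(pid_dir)
            cmdline = (pid_dir / "cmdline").read_bytes()
        except (OSError, ValueError):
            continue  # process exited, or its entry is unreadable
        if status.get("Name") not in names:
            continue
        reasons = []
        if int(status.get("PPid", "0")) != KTHREADD_PID:
            reasons.append("parent is not kthreadd")
        if cmdline:  # kernel threads have an empty cmdline
            reasons.append("has a userland command line")
        if status.get("Uid", "0").split()[0] != "0":
            reasons.append("real uid is not root")
        if reasons:
            hits.append((int(pid_dir.name), reasons))
    return sorted(hits)

def build_sample_proc(root):
    """Write a constructed two-process /proc tree (not data from the incident)."""
    samples = {
        "45": ("Name:\tkswapd0\nPPid:\t2\nUid:\t0\t0\t0\t0\n", b""),
        "3117": ("Name:\tkswapd0\nPPid:\t1\nUid:\t1001\t1001\t1001\t1001\n",
                 b"./kswapd0\x00"),
    }
    for pid, (status, cmdline) in samples.items():
        (Path(root) / pid).mkdir()
        (Path(root) / pid / "status").write_text(status)
        (Path(root) / pid / "cmdline").write_bytes(cmdline)

if __name__ == "__main__":
    for pid, reasons in find_fake_kernel_threads():
        print(pid, "; ".join(reasons))
```

Run as-is it scans the live /proc; pass a directory built with `build_sample_proc` to try it offline.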
