Researchers have stumbled across a new botnet which has gone under the radar for a long time while quietly enslaving PCs in the quest for cryptocurrency.
On Wednesday, researchers from F5 Networks revealed their findings on PyCryptoMiner, a new Linux-based botnet which is spreading over the SSH protocol.
The botnet is based on the Python scripting language which allows for obfuscation and appears to be “spreading silently,” according to the team.
PyCryptoMiner is also executed by a legitimate binary, which may be an interpreter shipped with the majority of Linux and Windows distributions.
F5 Networks says that the botnet scans for potentially vulnerable Linux machines and guesses SSH login credentials — a practice made simple if victims use basic, easy-to-crack phrases and letter combinations.