Experts believe that an experienced cybercrime group has created a botnet from compromised Linux-based systems and is using these servers and devices to mine Monero, a digital currency.
Crooks are apparently using brute-force attacks against Linux systems that feature exposed SSH ports. If they guess the password, they use Python scripts to install a Monero miner.
According to experts from F5 Networks, the attackers have also started using an exploit for the JBoss server (CVE-2017-12149) to break into vulnerable computers, but SSH brute-force attacks are this new botnet’s bread and butter.
The attack is unique compared with other Monero-mining botnets that have arisen in recent months in that it relies on Python scripts rather than on malware binaries.
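For defenders, the entry point described above (repeated SSH password guesses followed by a successful login) is visible in sshd authentication logs. The following is an added example, not code from F5 Networks or from the botnet: it flags password logins that succeed after a run of failures from the same source address. The log lines are constructed samples in OpenSSH's usual syslog format, and the function name and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log (documentation IP ranges); not taken from a real incident.
_GUESSES = ["root", "invalid user admin", "root", "invalid user pi", "root", "root"]
SAMPLE_LOG = "\n".join(
    [f"Jan  3 10:00:0{i} host sshd[100{i}]: Failed password for {u} "
     f"from 203.0.113.7 port 4000{i} ssh2" for i, u in enumerate(_GUESSES)]
    + ["Jan  3 10:00:07 host sshd[1007]: Accepted password for root from 203.0.113.7 port 40007 ssh2",
       # A legitimate user mistyping once, then logging in.
       "Jan  3 10:05:00 host sshd[1010]: Failed password for alice from 198.51.100.20 port 51000 ssh2",
       "Jan  3 10:05:09 host sshd[1011]: Accepted password for alice from 198.51.100.20 port 51001 ssh2",
       # Key-based login: not a guessed password, so it is ignored.
       "Jan  3 10:06:00 host sshd[1012]: Accepted publickey for bob from 192.0.2.44 port 52000 ssh2"]
)

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted password for (\S+) from (\S+) port \d+")


def find_guessed_logins(log_text, min_failures=5):
    """Return (ip, user, failures_before) for each password login that
    succeeds after at least min_failures failed attempts from the same IP.

    Assumes lines are in chronological order; no time window is applied.
    """
    failures = defaultdict(int)  # source IP -> failures since last success
    hits = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            user, ip = m.groups()
            if failures[ip] >= min_failures:
                hits.append((ip, user, failures[ip]))
            failures[ip] = 0  # reset the counter after any successful login
    return hits


if __name__ == "__main__":
    for ip, user, count in find_guessed_logins(SAMPLE_LOG):
        print(f"possible guessed password: {user}@{ip} after {count} failures")
```

A hit is a reason to inspect the host for unexpected Python processes and miner activity, and to move the account to key-based authentication.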