it kills the (probably not existing) virus scanner

„An associated security bypass is done as well — it will scam for processes running in memory that are associated with Linux-based anti-virus products. If such are found they are going to be killed instantly to avoid detection.“

it tries to infect all computers on the network

„The analysis of Linux.BtcMine.174 shows that a separate function is installed which will harvest credentials information, in this particular case a list of all remote servers and credentials. This allows the hacker operators to hijack the required strings and be able to connect to these machines. This allows for automated infection of whole networks of computers.“

Links:

https://www.sensorstechforum.com/cve-2013-2094-linux-btcmine-174/

https://github.com/DoctorWebLtd/malware-iocs/tree/master/Linux.BtcMine.174

https://vms.drweb-av.de/virus/?i=17645163

you might also wanna read: https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html

admin