Categories: Malware

Linux.ProxyM used to Launch Numerous Hacking Attempts against Websites through Various Methods (SQL injections, XSS, LFI)

Linux.ProxyM malware was well known for infecting almost any Linux devices which include routers, set-top boxes, and other equipment. It affects the devices and launches a SOCKS proxy server on an infected device.

It involved in various activities, in June it was used by cybercriminals to target Raspberry Pi devices for Mining Cryptocurrency, in September it engaged in sending spam messages from infected devices, and it was detected by security researchers from Dr. Web.

Also Read Linux malware that Targets Raspberry Pi for Mining Cryptocurrency

Cybercriminals began using the “Internet of things” to distribute phishing messages. The emails were supposedly sent on behalf of DocuSign—a service that allows users to download, view, sign and track the status of electronic documents.says Dr.Web.

Starting from December attackers using the infected devices of Linux.ProxyM to ensure anonymity and to launch numerous attempts at hacking websites.

To launch hacking attempts they have used various hacking methods.

1.SQL injections – Injection of a malicious SQL code into a request to a website database
2.XSS (Cross-Site Scripting) – Attack method that involves adding a malicious script to a webpage
3.Local File Inclusion (LFI) – To remotely read files on an attacked server

It Launches significant attacks over game servers, forums, and resources on other topics, including Russian websites.

This activity performed in two different threads the first one to list the username, passwords and next thread operation of the SOCKS proxy server.

Mirai uses Telnet ports with default username and passwords, whereas Linux.MulDrop.14 uses SSH ports with default username and passwords.

SHA1:
187842e65c2e4ab4ba48a0805e2fcd85c45e4446

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations, particularly…

25 minutes ago

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search Service…

31 minutes ago

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider, has…

37 minutes ago

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800 compromised…

43 minutes ago

Hackers Bypass AI Filters from Microsoft, Nvidia, and Meta Using a Simple Emoji

Cybersecurity researchers have uncovered a critical flaw in the content moderation systems of AI models…

2 hours ago

Microsoft Alerts That Default Helm Charts May Expose Kubernetes Apps to Data Leaks

Microsoft’s cybersecurity research team has issued a stark warning about the risks of using default…

2 hours ago