Posts tagged Noabot
Noabot is a modified version of the infamous Mirai malware and it's now attacking SSH connections with weak credentials

In a recent Ars Technica article a discussion on a new and sophisticated worm that has been targeting Linux devices globally for the past year was documented. This worm, named NoaBot, is a modified version of the infamous Mirai malware. Originally, Mirai became notorious in 2016 for initiating large-scale Distributed Denial-of-Service (DDoS) attacks. The unique aspect of Mirai is its ability to infect devices and then use them as a platform to spread to other vulnerable devices, a characteristic that categorizes it as a worm because it self-replicates.

The main difference with NoaBot, compared to traditional Mirai attacks, is its method of propagation and the nature of the attack. Instead of exploiting weak Telnet passwords, NoaBot targets SSH connections with weak passwords. Once it infects a device, it doesn't just stop there. Unlike the original Mirai, which was primarily used for launching DDoS attacks, NoaBot installs a cryptomining application on the infected devices. This cryptomining malware is designed to be difficult to detect, employing unique methods to conceal its activities.

The worm's approach, combining the use of common hacking techniques with new, more covert methods of operation, makes it particularly dangerous. Given the large bandwidth capacities of many infected devices, the worm can generate significant amounts of junk traffic, empowering the botnet substantially.

This situation highlights the ongoing threat posed by cybercriminals and underscores the need for robust cybersecurity measures. Key preventive actions include using strong and unique passwords, especially for SSH connections, and staying updated with the latest malware detection tools and cybersecurity practices.

For more detailed information, you can read the full article on Ars Technica (https://upmytech.com/linux-devices-are-under-attack-by-a-never-before-seen-worm-ars-technica/), and additional insights are available on Digital Chew (https://digitalchew.com/2024/01/10/virulent-mirai-based-malware-worm-attacks-linux-devices-globally/).