Tencent Yujian: Mining Trojan SysupdataMiner exploits multiple vulnerabilities to simultaneously attack Windows and Linux

Recently, the Tencent Security Threat Intelligence Center detected a cross-platform mining Trojan, SysupdataMiner. The Trojan spreads across the internal network by abusing SSH password-free login, then uses a scanning tool to find Redis servers on the external network and runs a weak-password brute-force attack against them. On an infected machine, SysupdataMiner detects and uninstalls Alibaba Cloud Knight and Tencent Cloud Mirror, detects and removes other mining Trojans by various characteristics, then downloads the Monero mining Trojan sysupdata and starts SysupdataMiner. Two sets of scripts and Trojan files for attacking the Linux system can be used for cross-platform attacks.