This malicious program serves the only purpose-to brute-force router access passwords. Subsequently, the malware got uploaded and installed on devices by Trojans belonging to the family, which, in turn, are distributed using Linux.PNScan.1. For that, they exploited the ShellShock vulnerability running a script with corresponding settings. The Trojan's distribution scheme makes it rather unique-Doctor Web analysts presume that initially Linux.PNScan.1 was installed on attacked routers by virus makers themselves. Using this and other dangerous applications uploaded by Linux.PNScan.1 to the compromised device, cybercriminals can hack administrative control panel of PHPMyAdmin, which is used to manage relational databases, and brute-force authentication credentials to get unauthorized access to various devices and servers via the SSH protocol. The Trojan named Linux.PNScan.1 can infect devices with ARM, MIPS, or PowerPC architectures. Doctor Web security researchers examined a new dangerous Trojan for routers running Linux.
0 Comments
Leave a Reply. |