Color1337 Cryptojacking Campaign Churns Juices From Linux Servers

11 April 2023
Cybersecurity company Tehtris analyzed a cryptojacking campaign targeting Linux systems and infecting those with a malware bot called uhQCCSpB. With the bot, attackers use two strategies to launch a Monero miner on the infected machine. The "diicot" cryptominer is activated on machines that have more than four cores, whereas the "SlowAndSteady" option is executed on machines with four or fewer cores.