Color1337: Linux Cryptomining Attack Campaign Used uhQCCSpB Bot

08 April 2023
The attackers use a bot called uhQCCSpB that installs and launches a Monero miner on the infected machine. After killing all other miners on the device, the attacker uses two different strategies to maximize access to the compromised Linux machine.