Linux devices are under attack by a never-before-seen worm

mozz@mbin.grits.dev to

Technology@lemmy.ml – 117 points – 9 months ago

Linux devices are under attack by a never-before-seen worm

arstechnica.com

Based on Mirai malware, self-replicating NoaBot installs cryptomining app on infected devices.

the NoaBot targets weak passwords connecting SSH connections.

Harden your configs people.

AllowUsers is a really goood one.

Or just don't allow password auth at all.

Or just have a good password

If we're going to play that game. Require an Ed25519 key with a strong password.

Or ed25519-sk.

(In this case the "wrench" is just breaking into some weak link that isn't ssh, once your password is strong to not be a weak link)

Akamai has published an extensive library of indicators that people can use to check for signs of NoaBot on their devices (https://github.com/akamai/akamai-security-research/tree/main)

GCs those Akamai folks...

What does GC stand for? https://www.acronymfinder.com/Slang/GC.html

Good cunts - it's originally an Aussie term of endearment, as far as I'm aware

Garbage Collection

What does GC stand for?

Girthy Cocks maybe?
As a compliment, u noe?
Like saying they have Balls of Steel.

Game Cube

In this context i'm going with Game Chick from that list, because none make sense to me.

Group chat?

https://www.urbandictionary.com/define.php?term=gc

here's a link to the script. its nothing fancy, but makes it easy to check: https://github.com/akamai/akamai-security-research/blob/main/malware/noabot/noabot_detect.sh

here’s a link to the script.

"MagicPussy" doesn't sound that bad. 😏

Very poor title, like someone's just got their "Big Book of Clickbait"

Everything is under attack all the time, and everything is never-before-seen until it's seen.

I love how in security, we have gone from "use strong passwords" to "don't make your own passwords", because people will just refuse to learn.