Supershell Malware Being Distributed to Linux SSH Servers

Sept. 20, 2024, 11:41 a.m.

Description

A Chinese-developed Go-based backdoor called Supershell is targeting poorly managed Linux SSH servers. The malware, which supports multiple platforms, primarily functions as a reverse shell for remote system control. Attackers use dictionary attacks from various IP addresses to gain access, then install Supershell directly or via a downloader script. The malware is downloaded from web and FTP servers. While Supershell is the initial payload for control hijacking, XMRig Monero CoinMiners are often installed alongside it, suggesting cryptocurrency mining as the ultimate goal. To protect against such attacks, administrators should use strong passwords, update systems regularly, and implement security measures like firewalls.

External References

https://asec.ahnlab.com/en/83232/
https://otx.alienvault.com/pulse/66ed5aecd1c4b20f7441ddef
Tags
xmrig
ssh
2024-09-20
cryptocurrency mining
supershell

Date

  • Created: Sept. 20, 2024, 11:22 a.m.
  • Published: Sept. 20, 2024, 11:22 a.m.
  • Modified: Sept. 20, 2024, 11:41 a.m.

Indicators

  • cf5a7b7c71564a5eef77cc5297b9ffd6cd021eb44c0901ea3957cb2397b43e15
  • 23dbfb99fc6c4fcfc279100c4b6481a7fd3f0b061b8d915604efa2ba37c8ddfa
  • 157bea84012ca8b8dc6c0eabf80db1f0256eafccf4047d3e4e90c50ed42e69ff
  • 45.15.143.197
  • 107.189.8.15
Download all indicators here!

Attack Patterns

  • Supershell
  • XMRig