{"id":40375,"date":"2021-04-09T15:52:23","date_gmt":"2021-04-09T15:52:23","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32185\/Windows-And-Linux-Devices-Are-Under-Attack-By-A-New-Cryptomining-Worm.html"},"modified":"2021-04-09T15:52:23","modified_gmt":"2021-04-09T15:52:23","slug":"windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\/","title":{"rendered":"Windows And Linux Devices Are Under Attack By A New Cryptomining Worm"},"content":{"rendered":"<figure class=\"intro-image intro-left\"><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/04\/enterprise-server-800x545.jpeg\" alt=\"Windows and Linux devices are under attack by a new cryptomining worm\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Getty Images<\/div>\n<\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"><a title=\"28 posters participating, including story author\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/gadgets\/2021\/04\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">42<\/span> <span class=\"visually-hidden\"> with 28 posters participating, including story author<\/span> <\/a> <\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/p><\/div>\n<\/aside>\n<p><!-- cache hit 169:single\/related:a7c562d83a24ade199f659bb2e30588b --><!-- empty --><\/p>\n<p>A newly discovered cryptomining worm is stepping up its targeting of Windows and Linux devices with a batch of new exploits and capabilities, a researcher said.<\/p>\n<p>Research company Juniper started monitoring what it\u2019s calling the Sysrv botnet in December. One of the botnet\u2019s malware components was a worm that spread from one vulnerable device to another without requiring any user action. It did this by scanning the Internet for vulnerable devices and, when found, infecting them using a list of exploits that has increased over time.<\/p>\n<p>The malware also included a cryptominer that uses infected devices to create the Monero digital currency. There was a separate binary file for each component.<\/p>\n<h2>Constantly growing arsenal<\/h2>\n<p>By March, Sysrv developers had redesigned the malware to combine the worm and miner into a single binary. They also gave the script that loads the malware the ability to add SSH keys, most likely as a way to make it better able to survive reboots and to have more sophisticated capabilities. The worm was exploiting six vulnerabilities in software and frameworks used in enterprises, including Mongo Express, XXL-Job, XML-RPC, Saltstack, ThinkPHP, and Drupal Ajax.<\/p>\n<p>\u201cBased on the binaries we have seen and the time when we have seen them, we found that the threat actor is constantly updating its exploit arsenal,\u201d Juniper researcher Paul Kimayong said in a <a href=\"https:\/\/blogs.juniper.net\/en-us\/threat-research\/sysrv-botnet-expands-and-gains-persistence\">Thursday blog post<\/a>.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/04\/botnet_timeline.png\" class=\"enlarge\" data-height=\"472\" data-width=\"1024\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/04\/botnet_timeline-640x295.png\" width=\"640\" height=\"295\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/04\/botnet_timeline.png 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-credit\">Juniper Research<\/div>\n<\/figcaption><\/figure>\n<p>Thursday\u2019s post listed more than a dozen exploits that are under attack by the malware. They are:<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<table>\n<tbody>\n<tr>\n<td width=\"312\"><strong>Exploit<\/strong><\/td>\n<td width=\"312\"><strong>Software<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"312\">CVE-2021-3129<\/td>\n<td width=\"312\">Laravel<\/td>\n<\/tr>\n<tr>\n<td width=\"312\">CVE-2020-14882<\/td>\n<td width=\"312\">Oracle Weblogic<\/td>\n<\/tr>\n<tr>\n<td width=\"312\">CVE-2019-3396<\/td>\n<td width=\"312\">Widget Connector macro in Atlassian Confluence Server<\/td>\n<\/tr>\n<tr>\n<td width=\"312\">CVE-2019-10758<\/td>\n<td width=\"312\">Mongo Express<\/td>\n<\/tr>\n<tr>\n<td width=\"312\">CVE-2019-0193<\/td>\n<td width=\"312\">Apache Solr<\/td>\n<\/tr>\n<tr>\n<td width=\"312\">CVE-2017-9841<\/td>\n<td width=\"312\">PHPUnit<\/td>\n<\/tr>\n<tr>\n<td width=\"312\">CVE-2017-12149<\/td>\n<td width=\"312\">Jboss Application Server<\/td>\n<\/tr>\n<tr>\n<td width=\"312\">CVE-2017-11610<\/td>\n<td width=\"312\">Supervisor (XML-RPC)<\/td>\n<\/tr>\n<tr>\n<td width=\"312\">Apache Hadoop Unauthenticated Command Execution via YARN ResourceManager (No CVE)<\/td>\n<td width=\"312\">Apache Hadoop<\/td>\n<\/tr>\n<tr>\n<td width=\"312\">Brute force Jenkins<\/td>\n<td width=\"312\">Jenkins<\/td>\n<\/tr>\n<tr>\n<td width=\"312\">Jupyter Notebook Command Execution (No CVE)<\/td>\n<td width=\"312\">Jupyter Notebook Server<\/td>\n<\/tr>\n<tr>\n<td width=\"312\">CVE-2019-7238<\/td>\n<td width=\"312\">Sonatype Nexus Repository Manager<\/td>\n<\/tr>\n<tr>\n<td width=\"312\">Tomcat Manager Unauth Upload Command Execution (No CVE)<\/td>\n<td width=\"312\">Tomcat Manager<\/td>\n<\/tr>\n<tr>\n<td width=\"312\">WordPress Bruteforce<\/td>\n<td width=\"312\">WordPress<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The exploits Juniper Research previously saw the malware using are:<\/p>\n<ul>\n<li>Mongo Express RCE (CVE-2019-10758)<\/li>\n<li>XXL-JOB Unauth RCE<\/li>\n<li>XML-RPC (CVE-2017-11610)<\/li>\n<li>CVE-2020-16846 (Saltstack RCE)<\/li>\n<li>ThinkPHP RCE<\/li>\n<li>CVE-2018-7600 (Drupal Ajax RCE)<\/li>\n<\/ul>\n<h2>Come on in, water\u2019s great<\/h2>\n<p>The developers have also changed the mining pools that infected devices join. The miner is a version of the open source XMRig&nbsp;that currently mines for the following mining pools:<\/p>\n<ul>\n<li>Xmr-eu1.nanopool.org:14444<\/li>\n<li>f2pool.com:13531<\/li>\n<li>minexmr.com:5555<\/li>\n<\/ul>\n<p>A mining pool is a group of cryptocurrency miners who combine their computational resources to reduce the volatility of their returns and increase the chances of finding a block of transactions. According to mining pool profitability comparison site <a href=\"https:\/\/www.poolwatch.io\/\">PoolWatch.io<\/a>, the pools used by Sysrv are three of the four top Monero mining pools.<\/p>\n<p>\u201cCombined together, they almost have 50% of the network hash rate,\u201d Kimayong wrote. \u201cThe threat actor\u2019s criteria appears to be top mining pools with high reward rates.\u201d<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/04\/poolwatch-ranking.png\" class=\"enlarge\" data-height=\"381\" data-width=\"1024\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/04\/poolwatch-ranking-640x238.png\" width=\"640\" height=\"238\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/04\/poolwatch-ranking.png 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-credit\">Juniper Research<\/div>\n<\/figcaption><\/figure>\n<p>The profit from mining is deposited into the following wallet address:<\/p>\n<pre>49dnvYkWkZNPrDj3KF8fR1BHLBfiVArU6Hu61N9gtrZWgbRptntwht5JUrXX1ZeofwPwC6fXNxPZfGjNEChXttwWE3WGURa<\/pre>\n<p><a href=\"https:\/\/nanopool.org\/\">Nanopool<\/a> shows that the wallet gained 8 XMR, worth roughly $1,700, from March 1 to March 28. It&#8217;s adding about 1 XMR every two days.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/04\/nanopoolgain.png\" class=\"enlarge\" data-height=\"401\" data-width=\"1024\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/04\/nanopoolgain-640x251.png\" width=\"640\" height=\"251\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/04\/nanopoolgain.png 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-credit\">Juniper Research<\/div>\n<\/figcaption><\/figure>\n<h2>A threat to Windows and Linux alike<\/h2>\n<p>The Sysrv binary is a 64-bit Go binary that\u2019s packed with the open source UPX executable packer. There are versions for both Windows and Linux. Two Windows binaries chosen at random were detected by <a href=\"https:\/\/www.virustotal.com\/gui\/file\/be8d067e762c5da8e616f62e882881b82c8627943bdf006e304fd9a4f784763f\/detection\">33<\/a> and <a href=\"https:\/\/www.virustotal.com\/gui\/file\/e51e35ce9737838d1a26be7285ba78a137d11c6725382944f34bde86f16cc893\/detection\">48<\/a> of the top 70 malware protection services, according to VirusTotal. Two randomly picked Linux binaries had <a href=\"https:\/\/www.virustotal.com\/gui\/file\/296d3d3ed5feeda7f6d99adc9da2566cb6c460194066acccac941a7b09bedfc3\/details\">six<\/a> and <a href=\"https:\/\/www.virustotal.com\/gui\/file\/77a9f3d4f498c8a84e09c89fd75d98eea31954cc17d948b876c00c638c95a7b6\/community\">nine<\/a>.<\/p>\n<p>The threat from this botnet isn\u2019t just the strain on computing resources and the non-trivial drain of electricity. Malware that has the ability to run a cryptominer can almost certainly also install ransomware and other malicious wares. Thursday\u2019s blog post has dozens of indicators that administrators can use to see if the devices they manage are infected.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/32185\/Windows-And-Linux-Devices-Are-Under-Attack-By-A-New-Cryptomining-Worm.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":40376,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[9320],"class_list":["post-40375","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackermalwaremicrosoftlinuxflawcryptography"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Windows And Linux Devices Are Under Attack By A New Cryptomining Worm 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Windows And Linux Devices Are Under Attack By A New Cryptomining Worm 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-09T15:52:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/04\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"545\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Windows And Linux Devices Are Under Attack By A New Cryptomining Worm\",\"datePublished\":\"2021-04-09T15:52:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\\\/\"},\"wordCount\":673,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm.jpg\",\"keywords\":[\"headline,hacker,malware,microsoft,linux,flaw,cryptography\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\\\/\",\"name\":\"Windows And Linux Devices Are Under Attack By A New Cryptomining Worm 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm.jpg\",\"datePublished\":\"2021-04-09T15:52:23+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm.jpg\",\"width\":800,\"height\":545},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,malware,microsoft,linux,flaw,cryptography\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermalwaremicrosoftlinuxflawcryptography\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Windows And Linux Devices Are Under Attack By A New Cryptomining Worm\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Windows And Linux Devices Are Under Attack By A New Cryptomining Worm 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\/","og_locale":"en_US","og_type":"article","og_title":"Windows And Linux Devices Are Under Attack By A New Cryptomining Worm 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-04-09T15:52:23+00:00","og_image":[{"width":800,"height":545,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/04\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Windows And Linux Devices Are Under Attack By A New Cryptomining Worm","datePublished":"2021-04-09T15:52:23+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\/"},"wordCount":673,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/04\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm.jpg","keywords":["headline,hacker,malware,microsoft,linux,flaw,cryptography"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\/","url":"https:\/\/www.threatshub.org\/blog\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\/","name":"Windows And Linux Devices Are Under Attack By A New Cryptomining Worm 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/04\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm.jpg","datePublished":"2021-04-09T15:52:23+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/04\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/04\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm.jpg","width":800,"height":545},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,malware,microsoft,linux,flaw,cryptography","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermalwaremicrosoftlinuxflawcryptography\/"},{"@type":"ListItem","position":3,"name":"Windows And Linux Devices Are Under Attack By A New Cryptomining Worm"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40375","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=40375"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40375\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/40376"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=40375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=40375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=40375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}