On October 3, Aqua Nautilus researchers published a blog post revealing what they know about a Linux malware dubbed “Perfctl” that has been targeting Linux servers over the past three to four years, using “more than 20,000 types of misconfigurations” as attack vectors to begin exploitation. Once exploitation began, the malware would use a rootkit to conceal itself and inevitably begin stealing CPU resources for crypto mining. It hid its mining traffic, along with potential instructions for backdoor commands and surveillance, in Tor-encrypted traffic.

This Perfctl malware is quite a severe and persistent threat, considering how long it has remained in the wild. A sneaky crypto miner would be bad enough, but Perfctl can also gain greater backdoor access to the entire system through certain vectors, which could prove an even greater security issue. It’s also difficult to properly detect the hijacked processes when diagnosing impacted servers. It can hide its crypto mining activity from you entirely, throwing back CPU utilization numbers that omit its activity.

Fortunately, there are mitigations that server operators can take to help alleviate the threat presented by Perfctl.

Hopefully, server operators can avoid this exploit, or fix it where present, now that the exploit and its mitigations are so well-documented. For more detailed information on how the attacks functioned and what Aqua Nautilus learned by honey-potting and sandboxing them, consider checking out the full, several-page blog post documenting the issue over at AquaSec.

Otherwise, if you aren’t a Linux server operator, hope that your information isn’t on any of the Linux servers already compromised by this issue, and make sure you’re following proper cybersecurity practices in your day-to-day life.

Christopher Harper
