Trojan.Linux.KERBERDS.A
Trojan.Linux.Coinminer (Ikarus)
Linux
Downloaded from the Internet
This malware is responsible for dropping the cryptocurrency miner Coinminer.Linux.MALXMR.UWEJI and its rootkit component. It also has multiple ways of propagating itself, spreading via SSH and exploiting CVE-2019-1003001 and CVE-2019-1003000.
2900788 bytes
ELF
Yes
25 Apr 2019
Connects to URLs/IPs, Drops files
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Trojan drops the following copies of itself into the affected system:
It drops the following files:
It adds the following processes:
Other System Modifications
This Trojan modifies the following file(s):
It deletes the following files:
Other Details
This Trojan connects to the following URL(s) to get the affected system's IP address:
It does the following:
9.850
14.970.05
25 Apr 2019
14.971.00
26 Apr 2019
Scan your computer with your Trend Micro product to delete files detected as Trojan.Linux.KERBERDS.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information: