Romanian-Based Cryptojacking Group Brute-Forces Linux Passwords

A gang of hackers focused on cryptojacking and believed to operate out of Romania is using a brand new brute-force password hack tool and attacking Linux-based systems. The group's tool is called Diicot Brute and has never been encountered before by security researchers.

The Diicot Brute tool is a SSH password brute-forcer that attempts to crack weak, poorly constructed passwords on Linux machines. Once the hackers gain entry, they deploy a cryptominer that works with the Monero cryptocurrency.

The practice of cryptojacking is not particularly new. Hackers have been using malicious tools focused on cryptocurrency to obtain illegal profit for years now. Cryptojacking refers to bad actors stealthily deploying a malicious cryptomining tool on a victim's machine and then using the victim's hardware and resourced to mine currency that goes into the hacker's wallet.

Of course, using someone else's hardware is much cheaper than setting up a dedicated crypto farm and paying exorbitant electricity bills, so enterprising hackers are always on the lookout for easy money using their victim's computers.

According to researchers, the Diicot Brute tool claims it has the ability to detect and avoid hotbeds. Judging by the fact that it was caught in just one such hotbed testing environment seems to indicate that Diicot still has some work to do.

The cryptomalware's connection to Romania comes from its interface - Diicot Brute has an interface that is presented in part Romanian, part English.

The hackers also use Discord for reporting information back to them. This is an increasingly common occurrence, with several other malware campaigns in the past few months using Discord's infrastructure to help illegal activities.

The way the malware works is, it first sniffs out SSH servers using port scanning. Next up is the actual brute forcing step, running until valid credentials are found. Finally, the malware connects using the cracked credentials using SSH and then deploys its cryptomining payload.

The discouraging bottom line from the security report on the Romanian hackers is that the reason why their tool works is simply "people". Even though the Linux community is famous for its obsessive-compulsive behavior when it comes to security, there are obviously still plenty of weak passwords that allow similar brute force kits to work.

By Zaib
July 16, 2021
Computer Security
English
July 16, 2021
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

5 years ago

What is the OperaGXSetup.exe File and is it Malicious?

11 months ago

Eporner.com And Why Its Excessive Pop-Ups Are Risky

11 days ago

HackTool:Win32/Crack: a Malicious Threat That Can Seriously...

7 months ago

Take Note: Someone Added You As Their Recovery Email Scam

10 months ago

A Potentially Serious Threat: Trojan:Win32/Suschil!rfn

18 days ago

Related Posts

News

Hackers Have Brute-Forced Admin Usernames and Passwords of 20,000 WordPress Sites

When security researchers say that adding '123' to the end of a weak password isn't doing a whole lot to improve its security, many people tend to think that the paranoia levels are running too high. Users reckon that... Read more

December 13, 2018
Computer Security

Watch Out for Lemon Duck - a Crypto Miner That Can Brute-Force Passwords

In late October 2020, security researchers issued a warning regarding the Lemon Duck botnet. The cryptocurrency mining botnet is logging a significant activity spike and making crypto-miner bots relevant once again.... Read more

October 14, 2020
Password Security

We Now Know What Passwords Hackers Try First When Brute-Forcing Accounts

When we talk about passwords, the first thing that probably comes to your mind is your email or your social media account password. But these days, we have to take a broader look at all the accounts and devices that... Read more

June 8, 2020
English
Loading...

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2025 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.