A new way to attack Linux allows you to upload a ready-made repository to the system


    Written once - works everywhere.

    Sysdig researchers have discovered that hackers are using the open-source Linux PRoot utility in Bring Your Own Filesystem (BYOF) attacks to provide a consistent repository of malicious tools that run on many Linux distributions.

    PRoot is an open-source utility that allows the user to set up an isolated root file system on Linux. In the discovered attacks, the hacker uses PRoot to deploy a malicious file system on already compromised systems. That file system includes the network scanning tools "masscan" and "nmap", the XMRig cryptominer, and their configuration files.

    The file system contains everything needed for the attack, neatly packaged in a gzip-compressed tar file with all the necessary dependencies, and is downloaded from trusted cloud hosting services such as Dropbox.

    Since PRoot is compiled statically and does not require any dependencies, the attacker simply downloads the precompiled binary from GitLab and uses it to mount the downloaded and extracted file system. In most cases, cybercriminals unpacked the file system to "/tmp/Proot/" and then activated the XMRig cryptominer.

    According to the researchers, a hacker could use PRoot to download payloads other than XMRig, potentially causing more damage to the compromised system. The presence of "masscan" in the malicious file system indicates that the hackers plan to break into other systems from the compromised machine as well.

    The use of the PRoot utility makes these attacks platform- and distribution-independent, which makes them more efficient and less conspicuous. In addition, the preconfigured PRoot file system allows a cybercriminal to use the toolkit in many OS configurations without having to port their malware to the target architecture or include dependencies and build tools.

    With PRoot, the attacker does not have to think about the architecture or distribution of the target, because the tool eliminates issues with executable file compatibility, environment setup, and malware execution. Such attacks remove the need to set up the environment and allow the hacker to quickly scale their malicious campaigns.
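
For defenders, the pattern described above (a PRoot binary started against a root file system unpacked under "/tmp/Proot/", then the miner and scanners launched beneath it) can be hunted for in process-execution telemetry. The following is an added example, not code from Sysdig's report or from this article's author; the "pid ppid command line" event format, the sample events (including the `rootfs` subdirectory and the renamed `helper` binary) and the rule names are constructed for illustration, while `-r`, `-R` and `-S` are PRoot's own options for naming the guest root file system.

```python
import shlex
from pathlib import PurePosixPath

WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/")  # world-writable staging dirs
ROOTFS_FLAGS = {"-r", "--rootfs", "-R", "-S"}   # PRoot options naming the guest rootfs
TOOLS = {"xmrig", "masscan", "nmap"}            # tools the article lists

# Constructed sample events, "pid ppid command line" (assumed format, not real telemetry).
SAMPLE = """\
4100 1 /usr/sbin/sshd -D
4211 4100 /tmp/Proot/proot -S /tmp/Proot/rootfs /bin/sh
4212 4211 xmrig -c /etc/xmrig.json
4213 4211 masscan -c /etc/masscan.conf
4300 4100 /usr/bin/nmap --version
4400 1 /var/tmp/.x/helper -r /var/tmp/.x/fs /bin/true
4500 4100 /usr/bin/cp -r /tmp/build /srv/build
"""

def rootfs_arg(argv):
    """Return the path following a PRoot-style rootfs option, if any."""
    for i, arg in enumerate(argv[:-1]):
        if arg in ROOTFS_FLAGS:
            return argv[i + 1]
    return None

def detect(log):
    """Flag PRoot-style launches from writable dirs and everything they spawn.
    Assumes events are ordered so a parent appears before its children."""
    findings, jailed = [], set()  # jailed: pids running under a flagged PRoot
    for line in log.splitlines():
        pid, ppid, cmd = line.split(None, 2)
        argv = shlex.split(cmd)
        exe, root = PurePosixPath(argv[0]), rootfs_arg(argv)
        # Require the binary to be named proot or staged in a writable dir,
        # so "cp -r /tmp/..." and similar everyday commands are not flagged.
        suspicious_exe = exe.name.lower() == "proot" or argv[0].startswith(WRITABLE)
        if root and root.startswith(WRITABLE) and suspicious_exe:
            jailed.add(pid)
            findings.append((int(pid), "rootfs-in-writable-dir", root))
        elif ppid in jailed:
            jailed.add(pid)
            rule = "known-tool-under-proot" if exe.name in TOOLS else "exec-under-proot"
            findings.append((int(pid), rule, exe.name))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE):
        print(finding)
```

The renamed `helper` binary is still caught because the rule keys on the rootfs option and the staging directory rather than on the file name, while the system-wide `nmap` and `cp -r` invocations are left alone.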

    Author DeepWeb