Anandu Aman

With one of my many honeypots actived around the world wide web, I discovered an interesting script written with the famous Perl programming language. This Perl script is a malware used to remotely control a machine, opening what is technically called backdoor. If this malicious program runs on multiple machines, there is a possibility that the attacker may have created a botnet. At first, a botnet is a network controlled by a bots master and composed of devices infected with specialized malware, called bots or zombies (“Computer zombie”). Devices connected to the Internet within which there are vulnerabilities in their infrastructure can sometimes become part of the botnet, even if they do not have the malware installed. Through the backdoor, the botmaster can control the system via remote access. Thus infected computers can launch attacks, named, Distributed Denial of Service against other systems or perform other illicit operations. How it works is relativ

As mentioned in the getmonero.org blog post , the binaries of Command Line Interface (CLI) of Monero were recently compromised. For readers who are unaware of Monero, it is a cryptocurrency which aims to protect the financial privacy of its users. It is based on well-known technologies such as ring signatures and Confidential Transactions; I suggest reading Mastering Monero to better understand its fundamentals. Before starting my post-mortem analysis, I’d like to highlight that - at the moment of writing - I have no idea of HOW the downloads.getmonero.org server was compromised. This blog post will be updated once engineers finish inspecting the box. At first, nikitasius reported - via a Github issue a mismatched hash (SHA256: b99009d2e47989262c23f7277808f7bb0115075e7467061d54fd80c51a22e63d for the archive monero.tar.bz2) of the monero.tar.bz2 for Linux. This file is a compressed archive which contains the Monero Command Line client used to manage the walle