This Linux botnet has found a novel way of spreading to new devices

Image: Getty/Virojt Changyencham

Linux users need to be watch out of a new peer-to-peer (P2P) botnet that spreads between networks using stolen SSH keys and runs its crypto-mining malware in a device’s memory. 

The Panchan P2P botnet was discovered by researchers at Akamai in March and the company is now warning it could be taking advantage of collaboration between academic institutions to spread by causing previously stolen SSH authentication keys to be shared across networks. 

But rather than stealing intellectual property from these educational institutions, the Panchan botnet is using their Linux servers to mine cryptocurrency, according to Akamai

Using other people’s hardware to mine cryptocurrency might not be as lucrative as it once was due to the crypto crash currently underway but Panchan’s mining rig costs nothing for the troublemakers who use it. 

Panchan is a cryptojacker that was written in the Go programming language. Cryptojackers abuse others’ compute power to mine cryptocurrency. 

Panchan’s P2P protocol communicates in plaintext over TCP but can evade monitoring, according to Akamai. The malware features a “godmode” admin panel, protected with a private key, for remotely controlling and distributing mining configurations.    

“The admin panel is written in Japanese, which hints at the creator’s geolocation,” notes

Read More: