In a new campaign, the Perl-based DDoS bot malware ShellBot (also known as PerlBot), which was previously used in assaults alongside CoinMiner, targets poorly maintained Linux SSH servers. The malware analyses online SSH servers for vulnerabilities and, upon successful exploitation, uses them for a variety of nefarious purposes.
In 2017, ShellBot was first identified. The IRC protocol is frequently used by malware to connect to its C2 server. To infect a system and mine cryptocurrency, it frequently employs the SSH brute force technique to hack into Linux servers connected to the Internet with weak passwords.