1 views collected around this technical thread.
An infected Linux server shows high CPU usage but standard tools miss the culprit; this guide explains how mining malware hides its process via /proc tricks, demonstrates detection using network scans, unhide tools, and offers removal steps to eradicate the hidden miner.
This article walks through a real‑world Linux mining malware infection, detailing how the attacker hid a malicious cron job, used LD_PRELOAD rootkits, propagated via SSH keys, and how the analyst uncovered and removed the threat using busybox, strace, and careful forensic commands.
This article walks through a real‑world Linux mining malware incident, detailing how the attacker used a malicious crontab entry and LD_PRELOAD to hide processes, the forensic steps to uncover the payload, and practical remediation and hardening measures to prevent future compromises.
The 2018 second‑quarter report by the Ministry of Industry and Information Technology details the monitoring of approximately 18.4 million internet security threats, highlighting compromised user email accounts, attacks on industrial IoT platforms and devices, the rise of illegal cryptocurrency mining, and outlines the major mitigation actions taken, including vulnerability remediation, network protection for major events, and coordinated emergency drills.