Outlaw Cybergang Launches Global Attacks on Linux Environments with New Malware
gbhackers
The Outlaw cybergang, also known as “Dota,” has intensified its global assault on Linux environments, exploiting weak or default SSH credentials to deploy a Perl-based crypto mining botnet.
Detailed insights from a recent incident response case in Brazil, handled by Kaspersky, reveal the group’s evolving tactics.
Sophisticated Threat Targets Weak SSH Credentials
The attackers target administrative accounts like “suporte,” often secured with predictable passwords, to infiltrate systems.
Once inside, they insert unauthorized SSH keys linked to a remote user named “mdrfckr,” a hallmark of Dota campaigns, enabling persistent access to compromised servers.

This incident underscores the critical need for robust SSH configurations as Outlaw’s reach spans multiple continents, with significant victim clusters in the United States, Germany, Italy, Thailand, Singapore, Taiwan, Canada, and Brazil, based on public telemetry data.
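A defender-side check for the SSH key persistence described above, as an added example (not code from the article or from Kaspersky): it parses authorized_keys content, flags keys whose comment contains "mdrfckr", and also matches on key fingerprint, because the comment field is free text and the same key can reappear under another label. The sample file and key blobs are constructed placeholders, and `known_bad` is a hypothetical set of fingerprints collected during response.

```python
import base64
import hashlib
import re

INDICATOR = "mdrfckr"  # key comment named in the article
KEYTYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp\d+|sk-[\w.@-]+)$")  # common types
OPTIONS = re.compile(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+')  # option values may quote spaces

def parse_line(line):
    """Return (key_type, blob_b64, comment) for one authorized_keys line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if not KEYTYPE.match(line.split(None, 1)[0]):  # line starts with an options field
        m = OPTIONS.match(line)
        line = line[m.end():].lstrip() if m else ""
    parts = line.split(None, 2)
    if len(parts) < 2 or not KEYTYPE.match(parts[0]):
        return None
    return parts[0], parts[1], parts[2] if len(parts) == 3 else ""

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of the decoded key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def scan(text, known_bad=()):
    """Return (line_no, reason, fingerprint) for each suspicious key line."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        _, blob, comment = parsed
        try:
            fp = fingerprint(blob)
        except ValueError:  # blob is not valid base64, so not a usable key
            continue
        if INDICATOR in comment.lower():
            hits.append((no, "comment", fp))
        elif fp in known_bad:  # same key, relabelled comment
            hits.append((no, "fingerprint", fp))
    return hits

# Constructed sample: the blobs are placeholder bytes, not real keys.
KEY_A = base64.b64encode(b"constructed-admin-key").decode()
KEY_B = base64.b64encode(b"constructed-implant-key").decode()
SAMPLE = (f'# suporte\nfrom="10.0.0.5",command="echo hi there" ssh-ed25519 {KEY_A} admin@bastion\n'
          f"ssh-rsa {KEY_B} mdrfckr\nssh-rsa {KEY_B} backup@host\n")
```

Calling `scan(SAMPLE, known_bad={fingerprint(KEY_B)})` reports line 3 by comment and line 4 by fingerprint; run it over each account's authorized_keys file, including root's.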
Multi-Stage Malware Deployment and Resource Hijacking
The Outlaw gang employs a multi-stage infection process that begins ...
Copyright of this story solely belongs to gbhackers.