Supershell Strikes: Go-Based Malware Targets Vulnerable Linux SSH

Researchers from ASEC have uncovered new attacks targeting poorly secured Linux SSH servers, in which hackers employed the Supershell malware, written in Go. This backdoor grants attackers remote control over compromised systems.

Following the initial infection, the hackers deploy scanners to identify additional vulnerable targets. It is believed that these attacks are carried out using password dictionaries obtained from already compromised servers.

The attackers utilize commands such as wget, curl, tftp, and ftpget to download and execute malicious scripts. These scripts enable full system access and allow the installation of additional malware, after which traces of the attack are concealed by deleting the downloaded files.

By installing the backdoor, the hackers can set up hidden cryptocurrency miners, such as XMRig, on the infected hosts—a typical tactic in attacks against vulnerable Linux servers. In this campaign, the hackers also used Cobalt Strike to configure remote access and ElfMiner to install cryptominers.

Experts recommend that administrators bolster the security of their systems by regularly updating software, using strong passwords, and enabling firewalls to reduce the risk of infection.