Outlaw Group Deploys Cryptojacking Malware on Linux Servers via SSH Brute-Force Attacks

Discover how the Outlaw group uses SSH brute-force attacks to deploy cryptojacking malware on Linux servers, compromising system security and mining cryptocurrency.

TL;DR

Cybersecurity researchers have uncovered the Outlaw group’s use of SSH brute-force attacks to deploy cryptojacking malware on Linux servers. This malware, known for its worm-like propagation, targets systems with weak credentials to mine cryptocurrency and maintain control.

Outlaw Group’s Cryptojacking Malware Campaign

Cybersecurity researchers have recently shed light on an advanced cryptocurrency mining botnet called Outlaw (also known as Dota). This malware is notorious for targeting SSH servers with weak credentials, utilizing brute-force attacks to gain unauthorized access.

Modus Operandi

Outlaw is a sophisticated Linux malware that employs several tactics to compromise systems:

  • SSH Brute-Force Attacks: The malware attempts to gain access by systematically trying different combinations of usernames and passwords until it finds a match.
  • Cryptocurrency Mining: Once inside, Outlaw installs cryptojacking software to mine cryptocurrencies, using the infected system’s resources.
  • Worm-Like Propagation: The malware has the ability to spread to other connected systems, ensuring it maintains control over a network of infected machines.

According to Elastic Security Labs, “Outlaw is a Linux malware that relies on SSH brute-force attacks, cryptocurrency mining, and worm-like propagation to infect and maintain control over systems” [1].

Impact and Implications

The Outlaw group’s activities highlight the ongoing threat of cryptojacking malware, particularly for systems with weak security measures. Organizations and individuals must prioritize strong credential management and regular security audits to protect against such attacks.
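
One way to audit sshd logs for the access pattern described above (a burst of failed logins from one source, then an accepted password login), as an added example that is not from the original article or from Elastic Security Labs. The log lines, host name, accounts, threshold and the `triage_ssh_log` helper are constructed for illustration; the message format is the standard OpenSSH one.

```python
import re
from collections import defaultdict

# Matches OpenSSH sshd authentication results as written to auth.log / secure.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) (password|publickey) for "
    r"(?:invalid user )?(\S+) from (\S+) port \d+"
)

def triage_ssh_log(lines, threshold=4):
    """Return {source_ip: finding} for sources with >= threshold failed logins.

    finding["status"] is "brute_force" (failures only) or
    "success_after_brute_force" (a password login succeeded after the failures).
    """
    failures = defaultdict(int)
    users = defaultdict(set)
    findings = {}
    for line in lines:
        m = AUTH_RE.search(line)
        if not m:
            continue
        result, method, user, ip = m.groups()
        if result == "Failed":
            failures[ip] += 1
            users[ip].add(user)
            if failures[ip] >= threshold and ip not in findings:
                findings[ip] = {"status": "brute_force", "account": None}
        elif method == "password" and failures[ip] >= threshold:
            # Password accepted after a burst of failures: treat the account as compromised.
            findings[ip] = {"status": "success_after_brute_force", "account": user}
    for ip, f in findings.items():
        f["failures"] = failures[ip]
        f["users_tried"] = sorted(users[ip])
    return findings

# Constructed sample log (documentation IP ranges, hypothetical host and accounts).
SAMPLE = [
    f"Apr  2 10:00:0{i} web01 sshd[120{i}]: Failed password for {u} from 203.0.113.7 port 4002{i} ssh2"
    for i, u in enumerate(["root", "invalid user admin", "invalid user test", "deploy"])
] + [
    "Apr  2 10:00:09 web01 sshd[1210]: Accepted password for deploy from 203.0.113.7 port 40051 ssh2",
    "Apr  2 10:01:00 web01 sshd[1300]: Accepted publickey for alice from 198.51.100.20 port 51000 ssh2",
    "Apr  2 10:02:00 web01 sshd[1310]: Failed password for bob from 198.51.100.9 port 51100 ssh2",
    "Apr  2 10:02:05 web01 sshd[1311]: Accepted password for bob from 198.51.100.9 port 51101 ssh2",
] + [
    f"Apr  2 10:03:0{i} web01 sshd[140{i}]: Failed password for root from 192.0.2.55 port 4500{i} ssh2"
    for i in range(5)
]
```

A `success_after_brute_force` finding names the account whose password should be rotated and whose host should be checked for miners; key-based logins and a single mistyped password are not flagged.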

References

  1. Elastic Security Labs (2025). “Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers”. The Hacker News. Retrieved 2025-04-02.

This post is licensed under CC BY 4.0 by the author.