|
|
|
|
|
|
by Nextgrid
2202 days ago
|
|
|
It's just the Internet's "background noise", lots of compromised machines try to attack others. Any well-designed application will be immune to this. This particular attempt isn't cutting-edge and isn't trying to exploit some obscure vulnerability. They're not even "exploiting" anything, they are literally probing for an endpoint that is designed to happily execute any shell command passed to it (because I guess someone somewhere was stupid enough to implement something like this?). This is the digital equivalent of "asking nicely". They're trying to download a malicious shell script to the /tmp folder (that will in turn download more malware, most likely a cryptocurrency miner) and run it. Looking at the script (which is still available as of now) it does many attempts to download different variations of a malicious executable, each compiled for a different architecture. The list of architectures is quite broad (PPC and M68K even) so on that front they've done their job very thoroughly to maximize the potential yield. |
|
|