[alfonmga]

I feel bad about this because I wrote an article[0] about how to hide Monero miners on Linux systems. Sometimes I ask myself if I should unpublish it as probably some of the criminals doing this type of attacks found it helpful.

[0] https://alfon.xyz/posts/hiding-cryptominers-linux

[brobinson]

Skimmed the article. Looks nice. Good colors and formatting throughout.

Don't delete it.

Hiding processes and tidying up the CPU time (adding it to System Idle Process on Windows, etc.) is Rootkits 101. This technique has been documented in books for 15+ years. If they don't get the info from you, they'll get it somewhere else just as easily.

[philkuz]

That article is very interesting! Looks like a similar approach to: https://sysdig.com/blog/hiding-linux-processes-for-fun-and-p...

I wouldn't feel bad about it. The article provides info for security experts about a potential attack vector that exists. That doesn't change if you unpublish the post.

Keep it up!

[striking]

You could remove references to crypto without changing the rest of the article. That way the cool educational bits remain, and helping bad people do bad things with very very little effort is gone.

[0xdeadb00f]

Who cares? It's not your duty to police the net.

[nigma1337]

Great article, i'd keep it up, as another commenter says, this is mostly rootkits 101 stuff.

I'm wondering, how would one go about finding one of these rootkits? Looking through loaded kernel modules for anything "weird"?

EDIT: I should really start reading the articles before going to comments, how to find these is litterally what the article is about..

[teruakohatu]

How much search engine traffic does that article get?

[alfonmga]

I don't know exactly how much traffic it gets because I don't do any type of tracking.

I frequently receive emails from anonymous persons asking for help and even some of them are willing to pay me to set up it for them… so you can imagine what these last ones are using it for.