For information.
1 Like
Did some quick reading and searching on this.
It looks like the entry point of this malware into systems is not yet known.
The malware ultimately downloads and installs a cryptominer payload and this works on the basis of two linux vulnerabilities from April and November 2021.
The malware appears to be targeted at linux based endpoints and the recommendation is
- Keep software up to date with security updates.
- Install Antivirus and/or EDR in all endpoints.
- Use a backup system to backup server files.
which is fairly standard and should hopefully be getting done anyway. 
Although it is targeted at linux endpoints, in terms of IPFire
- One of the CVE vulnerabilities does not apply as the package is not used
- The other CVE vulnerability is in the kernel and looks to be linked to a patch that Ubuntu use for their kernel. The other elements of that kernel vulnerability were fixed in kernel version 5.10 or 5.11, I am not able to confirm definitely which of those versions.
IPFire’s current linux version is 5.15.49 and IPFire moved to kernel series 5.15 with CU162 at the beginning of December 2021.
3 Likes