In the tmp directory of all infected hosts, there was an executable watch-smartd or Carbon. Analysis of these files led us to believe that they were two versions of cpuminer, a cryptocurrency mining program. After being executed, they would consume large quantities of server CPU and memory resources. This cryptominer could not maintain and revive processes, but could reappear sometime after being removed.
CPUMiner 2.2.3 Mining Software For Windows Full Version
2ff7e9595c
Comments