{"id":78454,"date":"2024-05-25T15:14:54","date_gmt":"2024-05-25T07:14:54","guid":{"rendered":"https:\/\/version-2.com\/?p=78454"},"modified":"2024-05-20T15:16:41","modified_gmt":"2024-05-20T07:16:41","slug":"eset-research-ebury-botnet-alive-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain","status":"publish","type":"post","link":"https:\/\/version-2.com\/en\/2024\/05\/eset-research-ebury-botnet-alive-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\/","title":{"rendered":"ESET Research: Ebury botnet alive &#038; growing; 400k Linux servers compromised for cryptocurrency theft and financial gain"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"78454\" class=\"elementor elementor-78454\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-71ae5294 post-content elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"71ae5294\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4a899f&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1e9119cd\" data-id=\"1e9119cd\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4f04f8cb elementor-widget elementor-widget-text-editor\" data-id=\"4f04f8cb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div><div id=\"content-c10622756\" class=\"frame frame-default frame-type-text frame-layout-0\"><ul><li>ESET Research has released its deep-dive investigation into one of the most advanced server-side malware campaigns, which is still growing \u2013 Ebury group with their malware and botnet.<\/li><li>Over the years, Ebury has been deployed as a backdoor to compromise almost 400,000 Linux, FreeBSD, and OpenBSD servers; more than 100,000 were still compromised as of late 2023.<\/li><li>Ebury actors have been pursuing monetization activities subsequent to our 2014 publication on Operation Windigo, including the spread of spam, web traffic redirections, and credential stealing.<\/li><li>Additionally, ESET has confirmed that operators are also involved in cryptocurrency heists.<\/li><li>In many cases, Ebury operators were able to gain full access to large servers of ISPs and well-known hosting providers.<\/li><\/ul><p><strong>BRATISLAVA, MONTREAL<\/strong> \u2014 <strong>May 14, 2024<\/strong> \u2014 ESET Research released today its deep-dive investigation into one of the most advanced server-side malware campaigns, which is still growing and has seen hundreds of thousands of compromised servers in its at least 15-year-long operation. Among the activities of the infamous Ebury group and botnet over the years has been the spread of spam, web traffic redirections, and credential stealing.\u00a0 In recent years it has diversified to credit card and cryptocurrency theft. Additionally, Ebury has been deployed as a backdoor to compromise almost 400,000 Linux, FreeBSD, and OpenBSD servers; more than 100,000 were still compromised as of late 2023. In many cases, Ebury operators were able to gain full access to large servers of ISPs and well-known hosting providers.<\/p><p>Ten years ago, ESET published a white paper about Operation Windigo, which uses multiple malware families working in combination, with the Ebury malware family at its core. In late 2021, the Dutch National High Tech Crime Unit (NHTCU), part of the Netherlands national police, reached out to ESET regarding servers in the Netherlands suspected of being compromised with Ebury malware. Those suspicions turned out to be well-founded and with NHTCU&#8217;s assistance, ESET Research has gained considerable visibility into operations run by the Ebury threat actors.<\/p><p>\u201cFollowing the release of the Windigo paper in early 2014, one of the perpetrators was arrested at the Finland-Russia border in 2015, and later extradited to the United States. While initially claiming innocence, he eventually pleaded guilty to the charges in 2017, a few weeks before his trial at the U.S. District Court in Minneapolis was set to proceed, and where ESET researchers were scheduled to testify,\u201d says Marc-Etienne M. L\u00e9veill\u00e9, the ESET researcher who investigated Ebury for more than a decade.<\/p><p>Ebury, active since at least 2009, is an OpenSSH backdoor and credential stealer. It is used to deploy additional malware to: monetize the botnet (such as modules for web traffic redirection), proxy traffic for spam, perform adversary-in-the-middle attacks (AitM), and host supporting malicious infrastructure. In AitM attacks, ESET has observed over 200 targets across more than 75 networks in 34 different countries between February 2022 and May 2023. \u00a0<\/p><p>Its operators have used the Ebury botnet to steal cryptocurrency wallets, credentials, and credit card details. ESET has uncovered new malware families authored and deployed by the gang for financial gain, including Apache modules and a kernel module to perform web traffic redirection. Ebury operators also used zero-day vulnerabilities in administrator software to compromise servers in bulk.<\/p><p>After a system is compromised, a number of details are exfiltrated. Using the known passwords and keys obtained on that system, credentials are reused to try logging into related systems. Each new major version of Ebury introduces some important change and new features and obfuscation techniques.<\/p><p>\u201cWe have documented cases where the infrastructure of hosting providers was compromised by Ebury. In these cases, we have seen Ebury being deployed on servers rented out by those providers, with no warning to the lessees. This resulted in cases where the Ebury actors were able to compromise thousands of servers at once,\u201d says L\u00e9veill\u00e9. There is no geographical boundary to Ebury; there are servers compromised with Ebury in almost all countries in the world. Whenever a hosting provider was compromised, it led to a vast number of compromised servers in the same data centers.<\/p><p>At the same time, no verticals appear more targeted than others. Victims include universities, small and large enterprises, internet service providers, cryptocurrency traders, Tor exit nodes, shared hosting providers, and dedicated server providers, to name a few.<\/p><p>In late 2019, the infrastructure of a large and popular US-based domain registrar and web hosting provider was compromised. In total, approximately 2,500 physical and 60,000 virtual servers were compromised by the attackers. A very large portion, if not all, of these servers are shared between multiple users to host the websites of more than 1.5 million accounts. In another incident, a total of 70,000 servers from that hosting provider were compromised by Ebury in 2023. Kernel.org, hosting the source code of the Linux kernel, had been a victim of Ebury too.<\/p><p>\u201cEbury poses a serious threat and a challenge to the Linux security community. There is no simple fix that would make Ebury ineffective, but a handful of mitigations can be applied to minimize its spread and impact. One thing to realize is that it doesn\u2019t only happen to organizations or individuals that care less about security. A lot of very tech-savvy individuals and large organizations are among the list of victims,\u201d concludes L\u00e9veill\u00e9.<\/p><p>For more technical information and a set of tools and indicators to help system administrators determine whether their systems are compromised by Ebury, read the full white paper \u201c<a href=\"https:\/\/www.welivesecurity.com\/en\/eset-research\/ebury-alive-unseen-400k-linux-servers-compromised-cryptotheft-financial-gain\/\" target=\"_blank\" rel=\"noopener\">Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain<\/a>\u201d. Make sure to follow <a href=\"https:\/\/twitter.com\/ESETresearch\" target=\"_blank\" rel=\"noopener\">ESET Research on Twitter<\/a> (today known as X) for the latest news from ESET Research.<\/p><p class=\"align-center\"><strong><em>Ebury deployments per month using two different scales on the Y axis, according to the database of compromised servers maintained by the perpetrators. <\/em><\/strong><i class=\"arrow\"><\/i><\/p><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1a1b0f4 elementor-widget elementor-widget-shortcode\" data-id=\"1a1b0f4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a437045 elementor-widget elementor-widget-image-box\" data-id=\"a437045\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About Version 2 Digital<\/h3><p class=\"elementor-image-box-description\">Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n<br><br>\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18159\" class=\"elementor elementor-18159\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-73b4cd0 elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"73b4cd0\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8d19c1e\" data-id=\"8d19c1e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8865cce elementor-widget elementor-widget-text-editor\" data-id=\"8865cce\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>About ESET<\/strong><br \/>For 30 years, ESET\u00ae has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET\u2019s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24\/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&amp;D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single \u201cin-the-wild\u201d malware without interruption since 2003.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>ESET Research has released its deep-dive investigation  [&hellip;]<\/p>","protected":false},"author":149011790,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1273,40,61],"tags":[41,1272],"class_list":["post-78454","post","type-post","status-publish","format-standard","hentry","category-1273","category-eset","category-press-release","tag-eset","tag-1272"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>ESET Research: Ebury botnet alive &amp; growing; 400k Linux servers compromised for cryptocurrency theft and financial gain - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.eset.com\/int\/about\/newsroom\/press-releases\/research\/eset-research-ebury-botnet-alive-growing-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ESET Research: Ebury botnet alive &amp; growing; 400k Linux servers compromised for cryptocurrency theft and financial gain - Version 2\" \/>\n<meta property=\"og:description\" content=\"ESET Research has released its deep-dive investigation [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.eset.com\/int\/about\/newsroom\/press-releases\/research\/eset-research-ebury-botnet-alive-growing-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\/\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2024-05-25T07:14:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/blog-v2-logo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"250\" \/>\n\t<meta property=\"og:image:height\" content=\"70\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"tracylamv2\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"tracylamv2\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.eset.com\\\/int\\\/about\\\/newsroom\\\/press-releases\\\/research\\\/eset-research-ebury-botnet-alive-growing-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2024\\\/05\\\/eset-research-ebury-botnet-alive-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\\\/\"},\"author\":{\"name\":\"tracylamv2\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/011bc7c3731c930bcfeecd52fefb6365\"},\"headline\":\"ESET Research: Ebury botnet alive &#038; growing; 400k Linux servers compromised for cryptocurrency theft and financial gain\",\"datePublished\":\"2024-05-25T07:14:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2024\\\/05\\\/eset-research-ebury-botnet-alive-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\\\/\"},\"wordCount\":960,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"keywords\":[\"ESET\",\"2024\"],\"articleSection\":[\"2024\",\"ESET\",\"Press Release\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.eset.com\\\/int\\\/about\\\/newsroom\\\/press-releases\\\/research\\\/eset-research-ebury-botnet-alive-growing-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2024\\\/05\\\/eset-research-ebury-botnet-alive-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\\\/\",\"url\":\"https:\\\/\\\/www.eset.com\\\/int\\\/about\\\/newsroom\\\/press-releases\\\/research\\\/eset-research-ebury-botnet-alive-growing-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\\\/\",\"name\":\"ESET Research: Ebury botnet alive & growing; 400k Linux servers compromised for cryptocurrency theft and financial gain - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"datePublished\":\"2024-05-25T07:14:54+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.eset.com\\\/int\\\/about\\\/newsroom\\\/press-releases\\\/research\\\/eset-research-ebury-botnet-alive-growing-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.eset.com\\\/int\\\/about\\\/newsroom\\\/press-releases\\\/research\\\/eset-research-ebury-botnet-alive-growing-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.eset.com\\\/int\\\/about\\\/newsroom\\\/press-releases\\\/research\\\/eset-research-ebury-botnet-alive-growing-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ESET Research: Ebury botnet alive &#038; growing; 400k Linux servers compromised for cryptocurrency theft and financial gain\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/011bc7c3731c930bcfeecd52fefb6365\",\"name\":\"tracylamv2\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"caption\":\"tracylamv2\"},\"url\":\"https:\\\/\\\/version-2.com\\\/en\\\/author\\\/tracylamv2\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ESET Research: Ebury botnet alive & growing; 400k Linux servers compromised for cryptocurrency theft and financial gain - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.eset.com\/int\/about\/newsroom\/press-releases\/research\/eset-research-ebury-botnet-alive-growing-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\/","og_locale":"en_US","og_type":"article","og_title":"ESET Research: Ebury botnet alive & growing; 400k Linux servers compromised for cryptocurrency theft and financial gain - Version 2","og_description":"ESET Research has released its deep-dive investigation [&hellip;]","og_url":"https:\/\/www.eset.com\/int\/about\/newsroom\/press-releases\/research\/eset-research-ebury-botnet-alive-growing-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\/","og_site_name":"Version 2","article_published_time":"2024-05-25T07:14:54+00:00","og_image":[{"width":250,"height":70,"url":"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/blog-v2-logo.jpg","type":"image\/jpeg"}],"author":"tracylamv2","twitter_card":"summary_large_image","twitter_misc":{"Written by":"tracylamv2","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.eset.com\/int\/about\/newsroom\/press-releases\/research\/eset-research-ebury-botnet-alive-growing-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\/#article","isPartOf":{"@id":"https:\/\/version-2.com\/2024\/05\/eset-research-ebury-botnet-alive-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\/"},"author":{"name":"tracylamv2","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/011bc7c3731c930bcfeecd52fefb6365"},"headline":"ESET Research: Ebury botnet alive &#038; growing; 400k Linux servers compromised for cryptocurrency theft and financial gain","datePublished":"2024-05-25T07:14:54+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2024\/05\/eset-research-ebury-botnet-alive-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\/"},"wordCount":960,"commentCount":0,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"keywords":["ESET","2024"],"articleSection":["2024","ESET","Press Release"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.eset.com\/int\/about\/newsroom\/press-releases\/research\/eset-research-ebury-botnet-alive-growing-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2024\/05\/eset-research-ebury-botnet-alive-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\/","url":"https:\/\/www.eset.com\/int\/about\/newsroom\/press-releases\/research\/eset-research-ebury-botnet-alive-growing-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\/","name":"ESET Research: Ebury botnet alive & growing; 400k Linux servers compromised for cryptocurrency theft and financial gain - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"datePublished":"2024-05-25T07:14:54+00:00","breadcrumb":{"@id":"https:\/\/www.eset.com\/int\/about\/newsroom\/press-releases\/research\/eset-research-ebury-botnet-alive-growing-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.eset.com\/int\/about\/newsroom\/press-releases\/research\/eset-research-ebury-botnet-alive-growing-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.eset.com\/int\/about\/newsroom\/press-releases\/research\/eset-research-ebury-botnet-alive-growing-400k-linux-servers-compromised-for-cryptocurrency-theft-and-financial-gain\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/zh\/"},{"@type":"ListItem","position":2,"name":"ESET Research: Ebury botnet alive &#038; growing; 400k Linux servers compromised for cryptocurrency theft and financial gain"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/011bc7c3731c930bcfeecd52fefb6365","name":"tracylamv2","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","caption":"tracylamv2"},"url":"https:\/\/version-2.com\/en\/author\/tracylamv2\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-kpo","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/78454","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/users\/149011790"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/comments?post=78454"}],"version-history":[{"count":7,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/78454\/revisions"}],"predecessor-version":[{"id":78461,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/78454\/revisions\/78461"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/media?parent=78454"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/categories?post=78454"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/tags?post=78454"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}