ShellBot (aka PerlBot)—a Perl-based DDoS bot malware previously seen in attacks along with CoinMiner—targets poorly managed Linux SSH servers in a new campaign. The malware scans vulnerable SSH servers over the internet, and after successful exploitation, leverages them for various malicious activities.
ShellBot was first discovered in 2017. The malware typically uses the IRC protocol to establish communication with its C2 server. It commonly uses SSH brute force technique to break into Internet-connected Linux servers with weak passwords to infect a system and mine cryptocurrency.