this post was submitted on 04 Oct 2024
154 points (95.8% liked)

Linux

48316 readers
709 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

TLDR: perfctl is a crypto mining and proxy jacking malware that exploits about 20’000 common missconfigurations to install itself on Linux servers. Mostly using a 10/10 CVE on Apache RocketMQ.

It is very persistent and can reinstall itself even when you have deleted all the perfctl and perfcc files. It hides itself by removing logs, network packets, and stopping all activity once you login to the machine.

Monitoring cpu usage using tools (I use net data on my server) can help identify infections (100% cpu usage when « idle »).

you are viewing a single comment's thread
view the rest of the comments
[–] NeoNachtwaechter@lemmy.world 53 points 1 month ago (2 children)

However, the process would stop immediately when I logged in via SSH or console. As soon as I logged out, the malware would resume running within a few seconds

OK so you just need to stay logged in - Solved :)

[–] pezhore@lemmy.ml 15 points 1 month ago (1 children)

tmux and a <ctrl>-<b><d> - done!

[–] TDCN@feddit.dk 14 points 1 month ago (1 children)

....Me avoiding responsibilities....

[–] Enkers@sh.itjust.works 28 points 1 month ago
//TODO: remove perfctl

There, that should fix it.

[–] delirious_owl@discuss.online 5 points 1 month ago

You say that, but I always leave screen sessions open