Re: [PLUG] Linux Users Targeted as Crypto-stealing Malware Hits Snap Pac

Michael Lazin via plug on 29 Jan 2026 08:10:50 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Linux Users Targeted as Crypto-stealing Malware Hits Snap Packages

From: Michael Lazin via plug <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Linux Users Targeted as Crypto-stealing Malware Hits Snap Packages
Date: Thu, 29 Jan 2026 11:10:30 -0500
Arc-authentication-results: i=1; mx.google.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:subject:message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=Na9BuuAn6Tb72zbg59+YKl4X7um5X88ZRO9+Vz6sEtw=; fh=GBJK2tfB8sNva0pCiZt5VWWARTRJz8ghM+HatI2VsHY=; b=k7uML15kXwW0+48ZhU5FpUqVBbnpx7MPwb2wRPFdA4g/xopfgqDMhEiBY2wyTcVQlP 4HwoqmGkKaAx8iAHJNgz+251YLfY0I05005/KUMqIKGYbkw+87NqlnYh0G6CtHFXwpOX WFFPdsANRV8MkNBIOHk7HXbfbSEnP8+8RE+6pOBAIaU66cY/80Ve5Tvpi1UTr81SHxDR 1smjvEoESuGOe14G+btRjapAhNktj10vQzKrnxO9+Hf6mRg1ZeO3C7e3rjJDjuqplcNQ RImtP4uEPdkoyl/Dxh/2m55IMIVXitbEKS6wFgtrLVnqZMfkbsfgxlaz7FDrjhY+n3cZ HlPg==; darn=lists.phillylinux.org
Arc-seal: i=1; a=rsa-sha256; t=1769703044; cv=none; d=google.com; s=arc-20240605; b=kthhe+rsDHmqK1PefFJpoao8Q30418cZFT5YZiUVIkmVx2/sTtkjiu03jiA0GqkgMV kQobPaWjnquWUfhNC6qLPhEtCxPnFYglyGvWMO5qV0D8DQlrQZp3XW0RKPHZRrbsRHrs /wuTQu1mn5t3yARfhy8FcIBj11tSb/auGExsPycPHI2HcUyoiBtpsOqo1EUr5igVkwMW Uqy4SDt2Gl/gnD9jH+Jh2KsUbbh86OeFYOFfORxstgaVRl3WjLIPqG/B0EQP3WRTgwOV xfcBukvHYrQPD1lRn5B2McUUoQ61jAXD7GOtG14Jg1TopH5IXDQ5Cs9YtuvTB12aYLho iJxA==
Cc: plug@lists.phillylinux.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1769703044; x=1770307844; darn=lists.phillylinux.org; h=cc:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=Na9BuuAn6Tb72zbg59+YKl4X7um5X88ZRO9+Vz6sEtw=; b=jP4j1PaOXYR+6dwjm5eBRSry08La2ANMrrxPPxLKY3ym3n4Xm5wGJ8XH20gNximMUJ hBRAsOnVnW+0GS0aTXrHpcVAhPcYq0t/EUIsO2JS9HKrX+pGAJyY1/6mtGCgfy0cVKlk Ix69vazVM6TtOIr+zx7DE17u77nxdPSltXMnnoEeDtRdiGhEv+lOdvelL0Z6zUWrJke6 voR267JJXJnrQZoMWfYFZEmFIk9ZXHX5JNvjKwd6laKjqDLPOvtst4rzwD4fE1GgQ2uf qEMcT6PjNo9GEIpKIdtE2i1V+q+7HFayo26es8O80snd2OW2TCMEL/EemKpakro4ONR9 6ISA==
Reply-to: Michael Lazin <microlaser@gmail.com>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

I’ve seen this done on Windows servers. They infect tons of them and mine Monero with cpu and count on people not looking into the cpu load.

Michael Lazin

.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.

On Thu, Jan 29, 2026 at 9:40 AM Walt Mankowski via plug <plug@lists.phillylinux.org> wrote:

Interesting. I would have thought that any crytomining worth doing
would use enough CPU that I'd notice it pretty quickly. But I guess
maybe if you infect enough machines, you can have each of them run at
a lower priority?

On Thu, Jan 29, 2026 at 08:29:07AM -0500, jeffv via plug wrote:
> Linux Users Targeted as Crypto-stealing Malware Hits Snap Packages
>
> https://linuxsecurity.com/news/hackscracks/crypto-stealing-malware-hits-snap-packages
>
> Several crypto-stealing campaigns are using Snap packages to land quietly on
> Ubuntu Linux systems. No exploit chains. No privilege escalation. Just
> software that looked legitimate enough to install, then stayed resident long
> enough to make money. For attackers focused on cryptomining, that´s ideal.
> CPU is consumed slowly, the system keeps working, and nothing obviously
> breaks.
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Linux Users Targeted as Crypto-stealing Malware Hits Snap Packages
  - From: Net Buoy via plug <plug@lists.phillylinux.org>

References:
- [PLUG] Linux Users Targeted as Crypto-stealing Malware Hits Snap Packages
  - From: jeffv via plug <plug@lists.phillylinux.org>
- Re: [PLUG] Linux Users Targeted as Crypto-stealing Malware Hits Snap Packages
  - From: Walt Mankowski via plug <plug@lists.phillylinux.org>

Prev by Date: Re: [PLUG] Linux Users Targeted as Crypto-stealing Malware Hits Snap Packages
Next by Date: Re: [PLUG] Linux Users Targeted as Crypto-stealing Malware Hits Snap Packages
Previous by thread: Re: [PLUG] Linux Users Targeted as Crypto-stealing Malware Hits Snap Packages
Next by thread: Re: [PLUG] Linux Users Targeted as Crypto-stealing Malware Hits Snap Packages
Index(es):
- Date
- Thread