The Mexals cryptojacking campaign has been in operation since at least 2021 and continues to evolve.
A new wave of attacks started in late 2022 with new functionality, including SSH worm and LAN spreader modules, and improved obfuscation.
The malicious software kills competitor miners and CPU-heavy processes, clears command history for defense evasion, and creates a cron job for persistence.
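The three host behaviors described above can be correlated during triage. The following is an added example, not part of the original alert: the regex heuristics, function names, host names and sample command lines are all constructed assumptions, not indicators from this campaign.

```python
import re
from collections import defaultdict

# Heuristic patterns for the three behaviors named in the alert.
# These are generic assumptions, not campaign-specific indicators.
RULES = {
    "history_clearing": re.compile(
        r"\bhistory\s+-c\b|\bunset\s+HISTFILE\b|HISTFILE=/dev/null"
        r"|\brm\s+(-\w+\s+)*\S*\.bash_history\b|>\s*\S*\.bash_history\b"),
    # Any crontab invocation except a read-only listing (crontab -l),
    # or a shell redirect into a system cron location.
    "cron_persistence": re.compile(
        r"\bcrontab\b(?!\s+-l\b)|>>?\s*/etc/cron|>>?\s*/var/spool/cron"),
    "process_killing": re.compile(
        r"\b(pkill|killall)\b|\bkill\s+-(9|KILL)\b"),
}

def classify(events):
    """Map each host to the sorted list of behaviors seen in its command lines."""
    seen = defaultdict(set)
    for host, cmdline in events:
        for name, pattern in RULES.items():
            if pattern.search(cmdline):
                seen[host].add(name)
    return {host: sorted(names) for host, names in seen.items()}

def suspect_hosts(events):
    """Hosts showing all three behaviors. Each one alone is common admin
    activity; the combination on one host is what merits escalation."""
    return sorted(h for h, names in classify(events).items()
                  if len(names) == len(RULES))

# Constructed sample: (host, command line) pairs as they might be pulled
# from process-execution telemetry. None of this comes from a real incident.
SAMPLE = [
    ("web01", "pkill -9 -f other-miner"),
    ("web01", "(crontab -l; echo '*/5 * * * * /var/tmp/.x/run') | crontab -"),
    ("web01", "history -c"),
    ("db02", "kill -9 4312"),
    ("db02", "crontab -l"),
    ("build03", "crontab -e"),
    ("build03", "tail ~/.bash_history"),
]

if __name__ == "__main__":
    for host, names in classify(SAMPLE).items():
        print(host, names)
    print("escalate:", suspect_hosts(SAMPLE))
```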
Glesec Information Sharing Protocol
GLESEC CYBER SECURITY INCIDENT REPORTS are in compliance with the U.S. Department of Homeland Security (DHS) Traffic-Light Protocol (TLP).
Disclosure is Not Limited.
Limited Disclosure, Restricted Only to the Community.
Limited Disclosure, restricted to the Participant's Organization.
Not for Disclosure, Restricted/Classified - Only Shared with US DHS.