The ASEC investigation team recently found that threat actors were using Linux malware created with the Shell Script Compiler (shc) to install a CoinMiner. The experts think that the attackers first gained access to the targeted devices through a dictionary attack on vulnerable Linux SSH servers.
The following is a decoded Bash shell script from the shc malware, which was disclosed by a client organisation that was the victim of an infiltration attack. The script processes files downloaded from external sources, and it downloads and installs the XMRig CoinMiner from the currently accessible address.