Malware on Millions of Nix Servers

Armed with a staggering arsenal of at least 20,000 different exploits for various Linux server misconfigurations, the malware known as “perfctl” is everywhere, annoying, and tough to get rid of.

Talk about ‘persistent’… A multipurpose and mysterious malware dropper has been terrorizing Linux servers worldwide for years, infecting untold thousands of victims with cryptomining and proxyjacking malware. A fresh analysis has exposed its secrets — and a vast treasure trove of tens of thousands of exploit paths for compromising its targets.

It’s been some time now that individuals in the US and Russia, Germany and Indonesia, Korea, China, Spain, and most everywhere in between have been reporting cases of “perfctl” (aka perfcc) eating up all their compute power.

“We’ve seen blog and forum posts over the past three or four years — maybe even longer — saying, ‘something is attacking me, I don’t know, I’m trying to kill it,’” Aqua Nautilus chief researcher Assaf Morag recalls. “There are a lot of articles describing how you kill perfctl, but people can’t kill it because it keeps hiding itself, and it’s very persistent.”


