TeamTNT, the hackers involved in this latest high-profile cyberattack, have been tracking the number of infected devices globally, which totals in the thousands.
The campaign, Chimaera, which was made public yesterday by AT&T Alien Labs, has been in operation since July.
Windows users have been attacked, alongside various Linux distributions, including Alpine, as well as AWS, Docker and Kubernetes.
Many of the malware samples that researchers collected had no anti-virus detections, while others showed only low detection rates.
This is worrying news for users of these systems, who are being advised to monitor network traffic, outbound port scans and unreasonable bandwidth usage for signs of possible infection.
An innovative new open source tool was used to collect the data from devices. The tool, known as LaZagne, can work on multiple web operating systems and collects stored credentials from applications.
Ofer Caspi, a security researcher at Alien Labs, said, “The use of open-source tools like LaZagne allows TeamTNT to stay below the radar, making it more difficult for anti-virus companies to detect.”
TeamTNT are a group known to focus on stealing cloud system credentials, using infected systems for cryptocurrency mining and spreading malware to other vulnerable systems.
The hacking group used a number of different tools to complete the hack, including port scanners and systems to install bots and download files.
The tools used had the capacity to disable or uninstall security products on infected machines.
To infect Windows systems, the attackers placed a malicious script on the device that automatically downloads all the tools needed to mine data.
Researchers have urged organisations to keep software updated and maintain minimal exposure to the internet on Linux servers.