Based on Mirai malware, self-replicating NoaBot installs cryptomining app on infected devices.
the NoaBot targets weak passwords connecting SSH connections.
Harden your configs people.
AllowUsers is a really goood one.
Or just don’t allow password auth at all.
Or just have a good password
If we’re going to play that game. Require an Ed25519 key with a strong password.
Or ed25519-sk.
(In this case the “wrench” is just breaking into some weak link that isn’t ssh, once your password is strong to not be a weak link)
Akamai has published an extensive library of indicators that people can use to check for signs of NoaBot on their devices (https://github.com/akamai/akamai-security-research/tree/main)
GCs those Akamai folks…
What does GC stand for? https://www.acronymfinder.com/Slang/GC.html
Good cunts - it’s originally an Aussie term of endearment, as far as I’m aware
What does GC stand for?
Girthy Cocks maybe?
As a compliment, u noe?
Like saying they have Balls of Steel.Garbage Collection
Game Cube
In this context i’m going with Game Chick from that list, because none make sense to me.
here’s a link to the script. its nothing fancy, but makes it easy to check: https://github.com/akamai/akamai-security-research/blob/main/malware/noabot/noabot_detect.sh
here’s a link to the script.
“MagicPussy” doesn’t sound that bad. 😏
Very poor title, like someone’s just got their “Big Book of Clickbait”
Everything is under attack all the time, and everything is never-before-seen until it’s seen.
I love how in security, we have gone from “use strong passwords” to “don’t make your own passwords”, because people will just refuse to learn.