A malware Trojan dating back to the days before the release of major cryptocurrencies has been modified by hackers looking to install illicit mining software. According to Threat Stack, an information security firm based in New England, this updated malware is being used by hackers who wish to mine Monero, a digital currency known for its strong privacy and obfuscation features, and it also locates other miners in an effort to shut them down.

The current version of Shellbot has various malicious features such as brute-force password cracking, surreptitious installation, silent mining, remote code execution, and the detection of peer malware. Shellbot connects to an Internet Relay Chat server where hackers can monitor its activity and issue remote commands, one of the most interesting being the termination of mining processes. Threat Stack researchers further informed that Shellbot has been modified to carry out several dangerous tasks, including data theft, cyber vandalism, ransomware, and data destruction.

Shellbot mostly looks for Linux servers because they vastly outnumber other server configurations. The first discovered version of this malware appears to be mining about $300 worth of Monero, a digital currency token that trades under the symbol XMR. This Trojan also has traditional computer virus functionality, which means that it can replicate across networks; however, remote access ability makes it even easier for attackers to install additional crypto miners.

Cryptojacking is the name given to a fairly new cyber threat that involves the installation of malicious code for the purpose of mining cryptocurrencies. When this threat was first discovered a couple of years ago, most of the cryptojacking instances attempted to mine Ethereum, but Monero soon took over as the preferred token. Whereas Bitcoin used to be the favorite digital currency in underground circles, Monero soon took over because of its anonymity and plausible deniability methodology.

In the current trend of malware miners, hackers have largely moved away from targeting individual computers; the new focus seems to be on enterprise servers with greater bandwidth so that mining operations can be more productive. Windows servers are less likely to be targeted at this time, but this is something that could change anytime.