Mirai-based NoaBot botnet deploys cryptominer on Linux servers

A new botnet, named NoaBot, has emerged that deploys cryptomining malware on Linux servers through brute-force SSH logins. Researchers found that NoaBot samples carried over 800 unique IP addresses from around the world, with China hosting 10%. The botnet originated from a modified version of the Mirai worm; however, more modern strains of the P2PInfect worm have been observed. Akamai researchers suggest that using key-based authentication can help prevent NoaBot infections.