A threat group has been behind an active cryptojacking campaign targeting Linux-based machines. The group is known for relying on a bag of obfuscation tricks that enable them to slip under the radar. Researchers connected the gang to at least two DDoS botnets, including a Demonbot variant called chernobyl and a Perl IRC bot, with the XMRig mining payload hosted on a domain named mexalz[.]us since February 2021. The attack chain has been found to leverage Discord to report the information back to a channel under their control.
Source: https://thehackernews.com/2021/07/researchers-warn-of-linux-cryptojacking.html