TLDR: perfctl is a crypto mining and proxy jacking malware that exploits about 20’000 common missconfigurations to install itself on Linux servers. Mostly using a 10/10 CVE on Apache RocketMQ.

It is very persistent and can reinstall itself even when you have deleted all the perfctl and perfcc files. It hides itself by removing logs, network packets, and stopping all activity once you login to the machine.

Monitoring cpu usage using tools (I use net data on my server) can help identify infections (100% cpu usage when « idle »).

    • LeLachs@lemmy.ml
      link
      fedilink
      arrow-up
      4
      ·
      edit-2
      2 months ago

      Sounds pretty scary to me. The thing has full control over your computer (if infected) and is nearly undetectable.

        • Mwa@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          2 months ago

          Ig this was for linux servers nvm I didn’t read it correctly it’s actually quite scary