One of the biggest problems in the technology world is… viruses and malware continues to threaten virtually every type of device. Finally AquaNautilus researchers,”perfectHe revealed a virus called ” has been active for three years appeared.

According to researchers, this virus has been millions of Linux servers affected and likely causing problems for thousands of others. The reason why Perfctl has not been found so far is its high protection against evasion and the use of rootkits. Numerous victim reports on the issue have surfaced on forums.

Aims to mine crypto

According to Aqua Nautilus’ statement, the main target of this virus is cryptocurrency mining to do. It is thought that this virus was created by people who wanted to mine the cryptocurrency called Monero through the affected servers, which is very difficult to track. However, it is stated that the virus can also be used to damage servers.

According to researchers, attackers incompatible configurations and they can compromise Linux servers by exploiting previously discovered vulnerabilities. It is stated that the reason for the incompatibilities in the configurations could be publicly accessible files containing previously disclosed login information. Researchers also say that the vulnerabilities CVE-2023-33246 and CVE-2021-4034 were also used by attackers.

Then this virus make copies of files in folders starts and can thus be protected from antivirus scanning or cleaning. Then it starts doing other mining via TOR. To be protected from this virus, continuously inspect /tmp, /usr and /root, monitor CPU usage, examine the ~/.profile, ~/.bashrc and /etc/ld.so.preload files and check TOR based file traffic and it is recommended to ban IP addresses associated with the known virus.