Nothing Perfect About The "Perfctl" Malware Strain: How Can It Harm Your Organization?

Researchers have discovered a new malware strain called Perfctl, which is targeting Linux systems. This malware is particularly dangerous because it can function as a loader, a proxy, and a cryptocurrency miner.

Perfctl has been around since at least 2021 and has infected thousands of Linux endpoints. It is deployed by exploiting misconfigurations or a critical remote code execution vulnerability in Apache RocketMQ (CVE-2023-33246). Once installed, Perfctl hides itself and establishes persistence, making it difficult for administrators to detect and remove.

The malware's primary function is to mine cryptocurrency, but it can also serve as a proxy for anonymizing traffic and as a loader to deploy other programs.

According to the source:

… it can also serve as a proxy for a commercial service, with other crooks paying to have their traffic routed through these devices and thus anonymized. Finally, the malware can serve as a loader, to deploy other programs as necessary. https://www.techradar.com/pro/security/linux-systems-are-being-hit-by-a-wide-ranging-and-dangerous-new-malware (Oct. 04, 2024).

Commentary

The source article mentions Perfctl can use your system as a "proxy for a commercial service".

In plain terms, that means an infected server acts as an online intermediary that hides the IP address and other identifying information of the criminal, making their online activities harder to trace. Like money laundering, it covers the criminals' tracks so they can commit other crimes.

The harm of being a "proxy" is that it consumes your system's bandwidth and processing capacity, and it makes your IP address appear to be the source of the criminals' traffic, which can get that address blocklisted. It could also draw your system into a criminal investigation as authorities try to crack down on an international cybercrime operation. Either way, you want to avoid it.

Perfctl also acts as a loader. A loader is a tool that installs and runs additional malicious software on an infected system, including spyware of the kind often used to carry out sophisticated business email compromise scams. Loaders like Perfctl are preferred by attackers because they allow the attackers to update the malware or add new functionality at any time without needing to reinfect the system.

This is especially concerning because as defenders deploy mechanisms to detect or eliminate a malware strain, online criminals can counter by updating Perfctl and whatever other malware Perfctl has downloaded.

The final takeaway is that the primary goal of malware strains like Perfctl is to mine cryptocurrency with your hardware. That is the grand prize. Even when a system has little computing power to offer, however, the proxy and loader functions still allow the malware to do a lot of ongoing and stealthy damage.
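To make the three roles concrete, here is an added host-triage example that is not part of the original article or its sources. It flags the generic behaviours each role leaves on a Linux host: a process running from a temporary directory or from a binary that has been deleted (a loader-dropped payload), sustained high CPU from a binary not expected to be busy (a miner), and listening ports the host baseline does not account for (a proxy). The thresholds, the allow-lists, the constructed sample process list and the process named perfctl in it are assumptions for illustration, not perfctl indicators of compromise; the optional live collector reads /proc on Linux and needs root to see other users' processes.

```python
"""Generic Linux host-triage heuristics for the miner / proxy / loader roles.

Added example, not code from the article or from the malware's analysts.
Thresholds, allow-lists and sample data are assumptions for illustration.
"""
import os
import time
from dataclasses import dataclass, field

@dataclass
class Proc:
    pid: int
    comm: str
    exe: str                  # resolved /proc/<pid>/exe target
    cpu_pct: float            # sustained CPU over the sampling window (one core = 100)
    listen_ports: list = field(default_factory=list)   # TCP ports this pid listens on

# Assumed host baseline: binaries allowed to be busy or to listen, and where.
KNOWN_BUSY = {"/usr/sbin/mysqld"}
KNOWN_LISTENERS = {"/usr/sbin/sshd": {22}, "/usr/sbin/mysqld": {3306}}
SUSPECT_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")
CPU_THRESHOLD = 80.0          # assumed threshold for "sustained high CPU"

def triage(procs):
    """Return (pid, role, detail) findings for each heuristic a process trips."""
    findings = []
    for p in procs:
        if p.exe.endswith(" (deleted)") or p.exe.startswith(SUSPECT_DIRS):
            findings.append((p.pid, "loader", f"payload running from {p.exe}"))
        if p.cpu_pct >= CPU_THRESHOLD and p.exe not in KNOWN_BUSY:
            findings.append((p.pid, "miner", f"{p.cpu_pct:.0f}% CPU from {p.exe}"))
        unexpected = set(p.listen_ports) - KNOWN_LISTENERS.get(p.exe, set())
        if unexpected:
            findings.append((p.pid, "proxy", f"unexpected listeners {sorted(unexpected)}"))
    return findings

# Constructed sample: three benign processes plus two that mimic the roles above.
SAMPLE = [
    Proc(1, "systemd", "/usr/lib/systemd/systemd", 0.2),
    Proc(812, "sshd", "/usr/sbin/sshd", 0.0, [22]),
    Proc(2290, "mysqld", "/usr/sbin/mysqld", 91.5, [3306]),      # busy but expected
    Proc(4410, "perfctl", "/tmp/perfctl (deleted)", 97.3, [8080]),  # constructed: all three roles
    Proc(5120, "sh", "/dev/shm/x", 0.0),                           # constructed: dropped payload only
]

# --- optional live collector (Linux only) -----------------------------------

def _cpu_ticks(pid):
    """utime + stime from /proc/<pid>/stat (fields 14 and 15, after the comm)."""
    with open(f"/proc/{pid}/stat") as f:
        fields = f.read().rsplit(")", 1)[1].split()
    return int(fields[11]) + int(fields[12])

def _listen_inodes():
    """Map socket inode -> local port for every TCP socket in LISTEN (state 0A)."""
    inodes = {}
    with open("/proc/net/tcp") as f:
        next(f)                                   # header line
        for line in f:
            parts = line.split()
            if parts[3] == "0A":
                inodes[parts[9]] = int(parts[1].split(":")[1], 16)
    return inodes

def collect_linux(window=1.0):
    """Sample /proc twice, `window` seconds apart, and build Proc records."""
    pids = [int(d) for d in os.listdir("/proc") if d.isdigit()]
    first = {}
    for pid in pids:
        try:
            first[pid] = _cpu_ticks(pid)
        except OSError:
            pass
    time.sleep(window)
    hz = os.sysconf("SC_CLK_TCK")
    listen = _listen_inodes()
    procs = []
    for pid, t0 in first.items():
        try:
            exe = os.readlink(f"/proc/{pid}/exe")   # ends in " (deleted)" if unlinked
            with open(f"/proc/{pid}/comm") as f:
                comm = f.read().strip()
            ticks = _cpu_ticks(pid) - t0
            ports = []
            for fd in os.listdir(f"/proc/{pid}/fd"):
                try:
                    target = os.readlink(f"/proc/{pid}/fd/{fd}")
                except OSError:
                    continue
                if target.startswith("socket:[") and target[8:-1] in listen:
                    ports.append(listen[target[8:-1]])
        except OSError:
            continue        # process exited, or not root and not our process
        procs.append(Proc(pid, comm, exe, 100.0 * ticks / (hz * window), ports))
    return procs

if __name__ == "__main__":
    for pid, role, detail in triage(SAMPLE):
        print(f"pid {pid}: possible {role}: {detail}")
```

On the constructed sample the busy mysqld process is not flagged because both its CPU use and its port are in the baseline, while the deleted binary in /tmp trips all three heuristics at once. Run `triage(collect_linux())` as root on a real host; a single one-second window is noisy, so repeat it a few times before treating a high-CPU hit as more than a lead.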
