Nothing Perfect About The "Perfctl" Malware Strain: How Can It Harm Your Organization?

Researchers have discovered a new malware strain called Perfctl, which is targeting Linux systems. This malware is particularly dangerous because it can function as a loader, a proxy, and a cryptocurrency miner.

Perfctl has been active since at least 2021 and has infected thousands of Linux hosts. It gains access by exploiting misconfigurations or a critical remote code execution vulnerability in Apache RocketMQ (CVE-2023-33246). Once installed, Perfctl hides itself and establishes persistence, which makes it hard for administrators to find and remove.
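Because the strain hides and persists, the practical question for an administrator is how to tell whether a Linux host is quietly running an unwanted miner or proxy. The script below is an added example; it is not code from the source article or from the researchers who analysed Perfctl. It applies generic indicators of hidden Linux malware (sustained CPU use, executables running from temp or dot-directories or deleted from disk while still running, process names that imitate system tools but run from the wrong place, children of a flagged process, and unexpected entries in /etc/ld.so.preload) to a constructed process snapshot. The paths, process names and numbers in the sample are invented for illustration and are not known Perfctl indicators; snapshot_from_proc is an assumption about how the same data would be collected on a live Linux host.

```python
"""Triage heuristics for a hidden, persistent Linux miner/proxy.

Added example, not from the source article. Runs offline on a constructed
process snapshot; snapshot_from_proc() shows how the same data would be
collected on a live Linux host (Linux only; run as root for full coverage).
"""
import os
import time
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Proc:
    pid: int
    name: str       # /proc/<pid>/comm
    exe: str        # readlink /proc/<pid>/exe, "" if unreadable (kernel threads)
    cpu_pct: float  # share of one CPU over the sampling window
    ppid: int


# Generic Linux indicators (assumptions, not Perfctl-specific signatures).
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
SYSTEM_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/usr/lib/",
               "/usr/libexec/", "/lib/", "/lib64/")
# System tool names a malicious binary may imitate; "perf" is listed because
# the strain's own name resembles it.
LOOKALIKE_OF = ("perf", "sshd", "cron", "systemd", "kworker")


def flag_process(p: Proc, cpu_threshold: float = 50.0) -> List[str]:
    """Return human-readable reasons this process looks suspicious ([] if none)."""
    reasons: List[str] = []
    path = p.exe.removesuffix(" (deleted)")
    if path.startswith(TEMP_DIRS) or "/." in path:
        reasons.append(f"runs from temp or hidden directory: {path}")
    if p.exe.endswith(" (deleted)"):
        reasons.append("on-disk executable deleted while still running")
    if p.cpu_pct >= cpu_threshold:
        reasons.append(f"sustained CPU use {p.cpu_pct:.0f}% (miner/proxy load)")
    if p.exe and not path.startswith(SYSTEM_DIRS):
        for legit in LOOKALIKE_OF:
            if p.name.startswith(legit):
                reasons.append(f"name imitates system tool '{legit}' but runs from {path}")
                break
    return reasons


def flag_preload(ld_so_preload: str) -> List[str]:
    """Entries in /etc/ld.so.preload outside system library dirs: a classic
    user-space rootkit hook used to hide processes and files from tools."""
    hits = []
    for line in ld_so_preload.splitlines():
        lib = line.strip()
        if lib and not lib.startswith("#") and not lib.startswith(SYSTEM_DIRS):
            hits.append(lib)
    return hits


def triage(procs: List[Proc]) -> Dict[int, List[str]]:
    """Map pid -> reasons for every flagged process."""
    findings = {p.pid: r for p in procs if (r := flag_process(p))}
    flagged = set(findings)
    # Children of a flagged process inherit suspicion (a loader spawns its payloads).
    for p in procs:
        if p.ppid in flagged and p.pid not in findings:
            findings[p.pid] = [f"spawned by flagged pid {p.ppid}"]
    return findings


def snapshot_from_proc(interval: float = 1.0) -> List[Proc]:
    """Live collector (assumed /proc layout: fields 14/15 of /proc/<pid>/stat
    are utime/stime in clock ticks; field 4 is the parent pid)."""
    clk = os.sysconf("SC_CLK_TCK")

    def sample() -> Dict[int, Tuple[int, int]]:
        out = {}
        for d in os.listdir("/proc"):
            if not d.isdigit():
                continue
            try:
                with open(f"/proc/{d}/stat") as f:
                    fields = f.read().rsplit(")", 1)[1].split()
                out[int(d)] = (int(fields[1]), int(fields[11]) + int(fields[12]))
            except (OSError, IndexError, ValueError):
                continue
        return out

    first = sample()
    time.sleep(interval)
    procs = []
    for pid, (ppid, ticks) in sample().items():
        if pid not in first:
            continue
        cpu = 100.0 * (ticks - first[pid][1]) / (clk * interval)
        try:
            name = open(f"/proc/{pid}/comm").read().strip()
        except OSError:
            name = "?"
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
        except OSError:
            exe = ""
        procs.append(Proc(pid, name, exe, cpu, ppid))
    return procs


# Constructed snapshot for the offline run: paths, names and numbers are invented.
SAMPLE_PROCS = [
    Proc(1, "systemd", "/usr/lib/systemd/systemd", 0.2, 0),
    Proc(812, "sshd", "/usr/sbin/sshd", 0.0, 1),
    Proc(2231, "perfctl", "/tmp/.diag/perfctl (deleted)", 97.3, 1),
    Proc(2240, "sshd", "/tmp/.diag/relay", 3.1, 2231),
    Proc(2251, "sh", "/usr/bin/dash", 0.0, 2231),
    Proc(3301, "java", "/usr/lib/jvm/default/bin/java", 12.0, 1),
]
SAMPLE_PRELOAD = "/tmp/.diag/libhide.so\n"  # constructed, not a real indicator

if __name__ == "__main__":
    for pid, reasons in sorted(triage(SAMPLE_PROCS).items()):
        print(pid, *reasons, sep="\n  ")
    for lib in flag_preload(SAMPLE_PRELOAD):
        print("ld.so.preload:", lib)
```

On a live host replace SAMPLE_PROCS with snapshot_from_proc() and read /etc/ld.so.preload yourself; remember that a user-space rootkit hooking the loader can hide its own processes from a Python script just as it hides them from ps, so a clean result is not proof of a clean machine.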

The malware's primary function is to mine cryptocurrency, but it can also serve as a proxy for anonymizing traffic and as a loader to deploy other programs.

According to the source:

… it can also serve as a proxy for a commercial service, with other crooks paying to have their traffic routed through these devices and thus anonymized. Finally, the malware can serve as a loader, to deploy other programs as necessary.

Source: https://www.techradar.com/pro/security/linux-systems-are-being-hit-by-a-wide-ranging-and-dangerous-new-malware (Oct. 04, 2024).

Commentary

The source article mentions Perfctl can use your system as a "proxy for a commercial service".

Translated, that means an infected server acts as an online intermediary that hides the criminal's IP address and other identifying information, making their online activity harder to trace back to them. Like money laundering, it covers the criminals' tracks so they can commit other crimes.

The harm of being a "proxy" is twofold. Relaying other people's traffic consumes your bandwidth and CPU and degrades the performance of your system. And because the criminals' traffic leaves from your server's IP address, your system can become part of a criminal investigation when authorities trace that activity, for example while cracking down on an international crypto-theft ring, back to your address. Either way, you want to avoid it.

Perfctl also acts as a loader. A loader is a tool that installs and runs additional malicious software on an infected system, such as the spyware often used to set up sophisticated business email compromise scams. Loaders like Perfctl are favored by attackers because they let the attackers update the malware or add new functionality without having to reinfect the system.

This is especially concerning because as defenders deploy mechanisms to detect or eliminate a malware strain, the criminals can counter by pushing an updated Perfctl, or updated payloads delivered through Perfctl, to the hosts they already control.

The final takeaway is that for malware strains like Perfctl, mining cryptocurrency on your hardware is the grand prize. However, even if the miner is stopped or never pays off, the proxy and loader components can still do a lot of ongoing and stealthy damage to a system.
