Systems administrators are being advised to look out for compromise attempts on their servers as attackers try to plant virtual currency malware on Linux and Windows servers around the world.
Security vendor Check Point last week said it had spotted attackers scanning for vulnerable web servers running PHP and Ruby on Rails in order to plant malware on the systems.
Check Point called the attacker RubyMiner, and said the campaign tries to drop the XMrig miner for the Monero virtual currency in order to use the host system's processing power.
The vendor said it counted around 700 compromised servers in the United States and Europe as well as other countries around the world.
Security vendor Certego also separately found "a huge spike in Ruby HTTP exploiting" last week by coin mining attackers.
By monitoring the attacker's Monero wallet, Check Point found that the campaign earnt the attacker just AS$830 in one day.
To prevent the attacks, administrators should patch servers with the latest security updates, and turn off unused or abandoned instances of Linux or Windows on their network, Check Point suggested.
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=271&w=480&c=1&s=1)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
