ITPUB
Dec 4, 2020 · Information Security
Inside the gpg-agentd Malware that Hijacked an Alibaba Cloud Server
A detailed forensic walk‑through reveals how a disguised gpg-agentd binary compromised a CentOS server on Alibaba Cloud, using SSH key injection, malicious cron jobs, Redis abuse, and masscan scanning to spread and mine cryptocurrency.
Linux security · cron abuse · gpg-agentd
