A detailed forensic walk‑through reveals how a disguised gpg-agentd binary compromised a CentOS server on Alibaba Cloud, using SSH key injection, malicious cron jobs, Redis abuse, and masscan scanning to spread and mine cryptocurrency.
A detailed forensic walkthrough reveals how a compromised CentOS server was hijacked via a disguised gpg-agentd process, leveraged cron jobs to download malicious scripts, abused Redis for persistence, and used masscan for rapid scanning, followed by practical security recommendations to harden servers and Redis instances.
A detailed forensic walk‑through reveals how a compromised Alibaba Cloud server was seized via a weak root password, a disguised gpg-agentd binary, malicious cron jobs, and Redis configuration abuse, ultimately enabling password‑less SSH access and large‑scale network scanning for cryptocurrency mining.
