Tag

ssh security

1 views collected around this technical thread.

Efficient Ops
May 20, 2019 · Information Security

How a Hidden gpg-agentd Malware Hijacked an Alibaba Cloud Server

After a routine morning, the author discovers an Alibaba Cloud server frozen due to malicious outbound traffic, then traces a sophisticated malware chain involving a disguised gpg-agentd process, malicious cron jobs, compromised SSH keys, Redis exploitation, and mass scanning, culminating in detailed forensic analysis and security recommendations.

cron jobs · gpg-agentd · malware analysis
13 min read