News Security experts claim new 'Perfctl' malware could pose a risk to any Linux server

The article said:
It's also difficult to properly detect the hijacked processes when diagnosing impacted servers. It can hide its crypto mining activity from you entirely, throwing back CPU utilization numbers that omit its activity.
Two things it can't hide are its power utilization/thermals and its network traffic. By its very nature, crypto is going to place a load on the CPUs/GPUs and that will generate heat. If a server is running hot or spinning up its fans under no apparent load, then I'd be mighty suspicious.
Two things it can't hide are its power utilization/thermals and its network traffic. By its very nature, crypto is going to place a load on the CPUs/GPUs and that will generate heat. If a server is running hot or spinning up its fans under no apparent load, then I'd be mighty suspicious.
The problem is Tom's AI has failed us once again. If you read the source blog post, you would see this statement on how to figure out if you might be infected by perfctl:

Detection of “Perfctl” Malware

To detect Perfctl malware you look for unusual spikes in CPU usage, or system slowdown if the rootkit has been deployed on your server. These may indicate cryptomining activities, especially during idle times.

If the malware is throwing out false CPU utilization, why would the authors of the source tell people to look for spikes in CPU usage? There is NO mention of false CPU utilization numbers anywhere on the source article.

In fact, reading an article written by a competent human instead of an AI summarized copy and paste on Ars Technica reveals an example of a user experience, which was also quoted by the source blog post:

“I only became aware of the malware because my monitoring setup alerted me to 100% CPU utilization,” the admin wrote in the April 2023 post. “However, the process would stop immediately when I logged in via SSH or console. As soon as I logged out, the malware would resume running within a few seconds or minutes.”
The malware is making itself hard to find, not giving out false CPU usage at all. Just monitor for CPU usage as usual. Why listen to Tom's AI?
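The behaviour in the admin report quoted above (100% CPU until someone logs in via SSH or console, load resuming after logout) can be checked from data an unattended collector already records. This is an added example, not part of any post in this thread. It assumes a cron job or timer stores the aggregate `cpu` line of `/proc/stat` together with a count of interactive sessions; the function names, thresholds and sample data are constructed for illustration.

```python
from statistics import median

def busy_pct(prev: str, cur: str) -> float:
    """Busy % between two aggregate 'cpu' lines from /proc/stat."""
    # Fields 1-8: user nice system idle iowait irq softirq steal
    a = [int(x) for x in prev.split()[1:9]]
    b = [int(x) for x in cur.split()[1:9]]
    d = [y - x for x, y in zip(a, b)]
    total = sum(d)
    return 100.0 * (total - d[3] - d[4]) / total if total > 0 else 0.0

def split_by_presence(samples):
    """samples: time-ordered [(cpu_line, interactive_sessions)].
    Returns (unattended_loads, attended_loads); intervals in which a
    login or logout happened are mixed and are skipped."""
    unattended, attended = [], []
    for (p_line, p_sess), (c_line, c_sess) in zip(samples, samples[1:]):
        load = busy_pct(p_line, c_line)
        if p_sess == 0 and c_sess == 0:
            unattended.append(load)
        elif p_sess > 0 and c_sess > 0:
            attended.append(load)
    return unattended, attended

def load_tracks_logins(samples, high=90.0, low=20.0, min_each=3):
    """True when the host is busy while nobody is logged in and quiet
    whenever someone is (thresholds are assumptions, tune per host)."""
    unattended, attended = split_by_presence(samples)
    if min(len(unattended), len(attended)) < min_each:
        return False  # not enough evidence either way
    return median(unattended) >= high and median(attended) <= low

def constructed_samples(pattern):
    """Constructed data: cumulative counters built from per-interval
    (busy_ticks, idle_ticks, sessions) tuples."""
    busy = idle = 0
    out = []
    for b, i, sess in pattern:
        busy, idle = busy + b, idle + i
        out.append((f"cpu  {busy} 0 0 {idle} 0 0 0 0 0 0", sess))
    return out

SUSPECT = constructed_samples([(0, 0, 0), (98, 2, 0), (99, 1, 0), (97, 3, 0),
    (60, 40, 1), (5, 95, 1), (4, 96, 1), (6, 94, 1), (50, 50, 0), (99, 1, 0)])
BUSY_SERVER = constructed_samples([(0, 0, 0), (95, 5, 0), (96, 4, 0),
    (95, 5, 0), (95, 5, 1), (94, 6, 1), (96, 4, 1), (95, 5, 1)])

if __name__ == "__main__":
    print(load_tracks_logins(SUSPECT), load_tracks_logins(BUSY_SERVER))
```

A match is a lead for investigation rather than proof, since scheduled batch jobs can produce the same shape; the samples must come from a collector that does not itself open an interactive session.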
The problem is Tom's AI has failed us once again. If you read the source blog post, you would see this statement on how to figure out if you might be infected by perfctl:
...
The malware is making itself hard to find, not giving out false CPU usage at all. Just monitor for CPU usage as usual. Why listen to Tom's AI?
FWIW, I correct articles on here all the time and I have since as far back as I can remember, many years before generative AI tools existed. I don't understand why you feel compelled to go the extra step of casting aspersions by implying the article was AI-written. I know this author fervently decries AI-generated content, although that's not proof he's not using it in some capacity. I just think it's unnecessary to extend your criticism that far.

Leaving aside the issue of AI, thank you for the informative and well-sourced correction.