Kinsing/(kdevtmpfsi) Cryptomining Attack and Cleanup

Due to a remote execution flaw in CyberPanel, I had to clean up after this attack. The most useful site I found was “Kinsing malware (kdevtmpfsi) – how to kill” on CreateIt. The instructions there are useful. Don’t forget to do the full search, as if you have any “kinsing” files left, they’ll get things started all over again. I’m posting this primarily to add a link to their post with the appropriate keywords to help others find it. It’s not directly related to CyberPanel, so I hope having this link will help someone.

The directories used in my case were /etc, /etc/data, /dev/shm, and /tmp.
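
A read-only sweep for the leftover files described above, as an added example that is not part of the original post or of the CreateIt instructions: it checks the directories listed here, then the whole filesystem, for file names containing kinsing or kdevtmpfsi. The function names, the script name and the optional ROOT argument (for pointing it at a mounted disk image) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: read-only sweep for leftover Kinsing files. Deletes nothing.
# The names (kinsing, kdevtmpfsi) and directories come from the post; the
# function names and the ROOT argument are assumptions made for this example.

KINSING_DIRS="/etc /etc/data /dev/shm /tmp"

# match_names: shared find(1) call, case-insensitive match on the file name.
match_names() {
    find "$@" \( -iname '*kinsing*' -o -iname '*kdevtmpfsi*' \) -print 2>/dev/null
}

# scan_known_dirs [ROOT]: recurse through the directories named in the post.
# sort -u removes the duplicates caused by /etc/data living under /etc.
scan_known_dirs() {
    local root="${1:-/}" d
    root="${root%/}"
    for d in $KINSING_DIRS; do
        [ -d "$root$d" ] && match_names "$root$d"
    done | sort -u
}

# scan_full [ROOT]: the "full search". No -xdev here: /dev/shm (and often /tmp)
# is a separate tmpfs mount and would be skipped. /proc and /sys are pruned.
scan_full() {
    local root="${1:-/}"
    root="${root%/}"
    match_names "${root:-/}" \( -path "$root/proc" -o -path "$root/sys" \) -prune -o | sort
}

# Run as: bash kinsing_sweep.sh --scan [ROOT]   (script name is hypothetical)
if [ "${1:-}" = "--scan" ]; then
    echo "== directories named in the post =="
    scan_known_dirs "${2:-/}"
    echo "== full search =="
    scan_full "${2:-/}"
fi
```

Run it as root so unreadable directories are not silently skipped, and review each hit before removing anything.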

CyberPanel has issued an update. I had to clean up the crypto issue before updating, but after the update everything got back to normal.

A number of people were attacked by ransomware encryption. That is the problem with remote execution flaws.
