Malicious proces on Ubuntu via crypto wallets: Rpigdnos

[samspaces]

I've managed to clear my digital ocean droplet of this little bastard program that eats up 100% cpu and restarts itself through parent process 1:

I created another older droplet, copied the /sbin/init to the infected droplet, removed the init file, deleted the program Rpigdnos in /bin, overwrote /sbin/init with the clean version and rebooted.

Likely wallet is Rublebit. Not sure though.

17-11 Update: not a crypto wallet issue, probably.

[1715687486]

1715687486

[1715687486]

1715687486

[MbccompanyX]

Which other wallets you have on the machine? and what let you think that rublebit is the source of the malicious process?

[notabeliever]

Might be 1337 too. My cpu has been throttling for awhile and trying to isolate the issue. Rubit had too many flagged virus from virustotal so I used an exchange instead. I only install  99% of the wallets that are clean from virustotal.

[LucyLovesCrypto]

Might be 1337 too. My cpu has been throttling for awhile and trying to isolate the issue. Rubit had too many flagged virus from virustotal so I used an exchange instead. I only install  99% of the wallets that are clean from virustotal.

I don't have the answer but want to say that virustotal can miss things. Use a VM unless you trust the software 100%

[MbccompanyX]

Might be 1337 too. My cpu has been throttling for awhile and trying to isolate the issue. Rubit had too many flagged virus from virustotal so I used an exchange instead. I only install  99% of the wallets that are clean from virustotal.

I don't have the answer but want to say that virustotal can miss things. Use a VM unless you trust the software 100%

Or use sandbox with process explorer, sometimes is even better then using a virtual machine (some viruses have part of the code made for stop the execution if launched in a virtual machine)

[samspaces]

I skipped 1337 so haven't used that one. Rublebit was one of the last wallets I installed. Could also be the 'Blurry' wallet or the 'Digitalcredits' wallet.

[MbccompanyX]

I skipped 1337 so haven't used that one. Rublebit was one of the last wallets I installed. Could also be the 'Blurry' wallet or the 'Digitalcredits' wallet.

If possible try to make a virtual machine and see if launching those wallets on different VM one of those shows the malicious process

[HeroCat]

Yes, that's true. In Linux you can never be safe from viruses  Only in Windows, you can have protection through anti virus software 

[MbccompanyX]

Yes, that's true. In Linux you can never be safe from viruses  Only in Windows, you can have protection through anti virus software 

There are antiviruses even on linux but aren't so know like windows antivirus, But even mac os isn't safe from viruses at the end too

[samspaces]

I skipped 1337 so haven't used that one. Rublebit was one of the last wallets I installed. Could also be the 'Blurry' wallet or the 'Digitalcredits' wallet.

If possible try to make a virtual machine and see if launching those wallets on different VM one of those shows the malicious process

I have, a few hours ago. None of the suspected wallets triggered the program.

[MbccompanyX]

I skipped 1337 so haven't used that one. Rublebit was one of the last wallets I installed. Could also be the 'Blurry' wallet or the 'Digitalcredits' wallet.

If possible try to make a virtual machine and see if launching those wallets on different VM one of those shows the malicious process

I have, a few hours ago. None of the suspected wallets triggered the program.

Then close the whole thread and go in the rublebit thread telling sorry for raising such thing against the dev, and anyway next time check better what you download from websites you don't know....