[GRLUG] htop issue

Grand Rapids Linux Users Group grlug at grlug.org
Wed Jan 11 17:37:30 EST 2023

Figure out what user the script is running under.
Look at the home directory and see if there is an executable named `htop`
in there, because I wouldn't normally expect to see it there.
I'm quite confident someone uploaded a crypto miner and renamed it `htop`
as to disguise it.

Regarding the IP address, that IP resolves to the domain
name mine.zpool.ca which IS a crypto mining service.
More on that IP available here:

On Wed, Jan 11, 2023 at 5:27 PM Grand Rapids Linux Users Group <
grlug at grlug.org> wrote:

> On Wed, 11 Jan 2023, Grand Rapids Linux Users Group wrote:
> > Looks like crypto mining scripts running on your machine.
> >
> Plausible, .. how would one locate them? Don't see anything weird in ps.
>         TFTR!
> --
> grlug mailing list
> grlug at grlug.org
> https://shinobu.grlug.org/mailman/listinfo/grlug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://shinobu.grlug.org/pipermail/grlug/attachments/20230111/0de9d6b7/attachment.htm>

More information about the grlug mailing list