    Kinsing malware (kdevtmpfsi) – how to kill


    CHALLENGE: The Apache server is running really slowly. The Docker process called kdevtmpfsi is using 100% of the server's processor and memory.

    SOLUTION: Create a bash script to kill the process.

    Kinsing malware targets misconfigured Docker containers, especially Redis instances (port 6379). The malware runs a Linux process in the background, kdevtmpfsi, which consumes the server's processor and memory. The main purpose of the malware is to set up a cryptocurrency miner. Attacks on container environments seem to have been on the rise recently, with a huge spike in the number of cases in March 2020. Below, we provide a number of possible solutions to tackle the problem.

    Identify the issue

    Having root access to the server can help to find and delete the malware.
    # Check if the malicious process is running
    htop

    # Find infected files:
    find / -name kdevtmpfsi
    find / -name kinsing

    Proper fix

    Properly configured Docker with updated dependencies should resolve the issue.
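
    The two things this article points at, the kdevtmpfsi/kinsing processes and a Redis port 6379 open to other hosts, can be checked with a short triage script. This is an added example, not part of the original article; the function names and the sample `ps` and `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage helpers for the indicators this article names.
# Function names and the sample data below are constructed for illustration.

# Reads `ps -eo pid,comm` output on stdin; prints "PID NAME" for every
# process whose executable name is exactly kdevtmpfsi or kinsing.
# The exact match leaves the legitimate kernel thread kdevtmpfs alone.
find_miner_procs() {
    awk 'NR > 1 && ($2 == "kdevtmpfsi" || $2 == "kinsing") { print $1, $2 }'
}

# Reads `ss -ltn` output on stdin; prints each listener on port 6379
# that is bound to anything other than a loopback address.
find_exposed_redis() {
    awk '$1 == "LISTEN" {
        n = split($4, part, ":")          # last field after ":" is the port
        port = part[n]
        host = substr($4, 1, length($4) - length(port) - 1)
        if (port == "6379" && host !~ /^127\./ && host != "[::1]")
            print $4
    }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_PS='  PID COMMAND
    1 systemd
  812 redis-server
 4471 kdevtmpfsi
 4490 kinsing
 5120 kdevtmpfs'

SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    0.0.0.0:6379       0.0.0.0:*
LISTEN 0      511    127.0.0.1:6379     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    [::]:6379          [::]:*'

echo "Suspicious processes:"
printf '%s\n' "$SAMPLE_PS" | find_miner_procs
echo "Redis listeners not bound to loopback:"
printf '%s\n' "$SAMPLE_SS" | find_exposed_redis

# On a live host: ps -eo pid,comm | find_miner_procs
#                 ss -ltn | find_exposed_redis
```

    Any line in the second list is a Redis listener bound to a non-loopback address, which is the configuration to correct before relying on a kill loop.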

    Fix solution 2

    Another solution is to block the process from executing. This solution was described on Koacervate’s blog: https://koacervate.blogspot.com/2020/05/your-containers-cpu-usage-is-more-than.html?m=0

    Alternative solution

    If you still have the problem, we came up with an alternative solution:
    – prepare a bash script that will kill the process every 20 seconds
    – run the bash script in the background

    Bash script

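    #!/bin/sh
    # /root/scripts/ctKillProc.sh
    # Kill any running kdevtmpfsi process every 20 seconds
    while true; do
        # Collect the PIDs of all matching processes, one per line
        # (print, not printf, so several PIDs are not glued together)
        processId=$(ps -ef | grep 'kdevtmpfsi' | grep -v 'grep' | awk '{ print $2 }')
        # Only call kill when something was found
        if [ -n "$processId" ]; then
            echo $processId
            # Left unquoted on purpose so every PID is passed to kill
            kill -9 $processId
            echo "[$(date +%Y%m%d%H%M)] kdevtmpfsi killed."
        fi
        sleep 20
    done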

    Run the script in the background

    nohup sh /root/scripts/ctKillProc.sh &

    Now the script will keep executing in the background, solving your Kinsing malware problem, even if you close the shell connection.
    Script logs can be found in the nohup.out file.

    More info on Kinsing:
    https://blog.trendmicro.com/trendlabs-security-intelligence/exposed-redis-instances-abused-for-remote-code-execution-cryptocurrency-mining/
    https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability


    Comments
    1 response
    1. Thank you for this script. I am running it now and the few steps you have given here are better than anything I have found on the web thus far to kill this malware.
