Malware found in /home/username/.local/share/containers/storage/overlay

sibony88

• March 12, 2025 07:32

hi,
Hi, Imunify360 found and cleaned these viruses, It is in all accounts folders.

is it 

/home/username/.local/share/containers/storage/overlay/a483da8ab3e941547542718cacd3258c6c705a63e94183c837c9bc44eb608999/diff/usr/bin/fincore

/home/username/.local/share/containers/storage/overlay/a483da8ab3e941547542718cacd3258c6c705a63e94183c837c9bc44eb608999/diff/usr/lib/x86_64-linux-gnu/libxxhash.so.0.8.1

/home/username/.local/share/containers/storage/overlay/a483da8ab3e941547542718cacd3258c6c705a63e94183c837c9bc44eb608999/diff/usr/libexec/coreutils/libstdbuf.so

How can I check where it came from because it seems to me to have come from the server?

• 

  cPRex Jurassic Moderator

  • March 12, 2025 13:56

  Hey there!  Various tools can create the /home/username/.local/share directory on the system, sot he presence of that directory itself doesn't indicate an issue.

  If this was all under one cPanel account it could be that account was compromised in some way.  I would start by checking the access logs in /usr/local/cpanel/logs/access_log to see if there are any unrecognized accesses to that cPanel account.

  0

Please sign in to leave a comment.