Comment 8 for bug 1892552

Seth Arnold (seth-arnold) wrote :

I'm no malware analyst but the jq binary didn't look at all out of the ordinary.

It's only 30kb which seems really tiny for something like cryptocurrency mining and returning 'mined' coins to a command and control server, but makes perfect sense for a small executable that uses libjq and libonig to do the work that it advertises itself as doing.

Not to mention that it'd only work on systems that call it in the course of doing something else.. it's not a particularly impressive target.

I'm content to say the AV vendors ought to describe why they feel this is a threat.

Thanks