A newly worm written In golangbased turns windows and linux servers into miners of the cryptocurrency monerogatlanbleepingcomputer.
In a Wednesday blog post, researchers from Intezer said the worm spreads across the network to run XMRig Miner – a monero cryptocurrency miner – on a large scale. The malware then targets both Windows and Linux waitpersons and can easily maneuver from one platform to the other. It targets public-facing services such as MySQL, Tomcat admin panel and Jenkins that have weak passwords. In an older version, the worm has also attempted to exploit WebLogic’s latest susceptibility: CVE-2020-14882.
During their analysis, the researchers found that the attacker kept updating the worm on the command and control server, which indicates that it’s active and might be targeting additional weak organized services in future updates.
The attack uses three files: a dropper script (bash or powershell), a Golang binary worm, and an XMRig Miner—all of which are hosted on the same command and control server.
Security teams have been advised to use complex passwords, limit login attempts and use two-factor authentication. Intezer also says to minimize the use of public- facing services and keep software rationalized with the latest security patches. Finally, they recommend using a cloud workload protection platform to gain full runtime visibility over. The code in the company’s system and for getting alerted on any malicious or unauthorized code.
Dirk Schrader, global vice president at New Net Technologies, said that miners on servers are often viewed as a nuisance, something that security pros have to manage. However, for the attackers, especially in this case, Schrader said the potential number of systems is staggering: According to Shodan, there are 5.5 million MySQL, Tomcat, Jenkins, and WebLogic devices connected to the internet.
golangbased xmrig windows linux december
“It’s simple math, if only 0.1 percent of the systems are prone to the attack, there’s plenty of server power to use for mining and money generation, later to be used for other nefarious work by the cyber criminals,” Schrader said. “Protection against that kind of attack is done in the same way as with other types of attacks. Organizations should monitor their systems for vulnerabilities to patch them in time, control any changes happening to a server like a file being dropped and have a strong password policy in place.”
Chad Anderson, senior security researcher at DomainTools, said this new worm uses well-known exploits and password-spraying techniques to find new hosts to spread and infect. Anderson said as long as security teams are keeping their machines up-to-date, using good authentication practices, and limiting public exposure of their infrastructure this should not pose a huge threat.
“While it’s certainly alarming that there were no detections for this worm’s initial sample, that’s not surprising as Golang malware analysis tooling has still been playing a bit of catch up in the automation space,” said Anderson, adding that Golang has been on the rise for malware this last year, which he expects will continue. “We would expect that with the rise in cryptocurrency prices over the last few weeks that actors looking to cash in for a few extra dollars would cause a surge in mining malware.”
New Golang Worm Drops XMRig Miner
A new version of the popular cryptocurrency mining software, xmrig. Has been released that includes support for the Windows and Linux operating systems. This new version also includes a new mining algorithm, Monero-Gatling, that is designed to be more efficient than the previous algorithm. This inform comes just in time for the December hard fork of the Monero network. golangbased xmrig windows linux december monerogatlanbleepingcomputer
In December 2017, a new cryptocurrency mining software called Xmrig was released. Xmrig is a Golang based software that supports Windows and Linux operating systems. The software is open source and available for anyone to use. However, there have been reports that the software may be infected with malware. In response to these reports, the developers of Xmrig have released a new version of the software. That is supposed to be clean of any malware. golangbased xmrig windows linux december monerogatlanbleepingcomputer
In December 2019, a new variety of the XMRig cryptocurrency mining software was released that added support for the Windows and Linux operating systems. The software, which is open source, is available for download from the project’s GitHub page. The new version also includes support for the Monero (XMR) cryptocurrency.
Recentlt intezer investigators invented a new and self spreading golangbased malware that remains. The popularity at 2020 trend of multi platform malware. This is new cryptomining malware deeds known liabilities to deeds the victim’s properties.
Active meanwhile early December. The newly identified Golang worm boards both Windows and Linux servers and. Can effortlessly move from one platform to the other. The spell uses three files: a dropper script, a Golang-based worm, and an XMRig miner on the browbeaten service. The worm targets public facing facilities such as Jenkins, MySQL, and Tomcat management panel that have weak passwords. In addition, an older form of the worm tried to exploit the latest Oracle WebLogic remote code execution vulnerability. The malware images the network using TCP SYN to launch qualification spraying brute force attack and feasts over the network.
The recent Golang malware
A few days ago, a new multi podium credit card skimmer was noticed. Which could harvest payment info on compromised stores running on popular e-commerce platforms, including Shopify, BigCommerce, Zencart, and Woocommerce. PyMICROPSIA was identified targeting Windows, however, its code was found to have snippets that could target additional operating systems. Such as POSIX or darwin, making it a potential multi-platform threat.
With the rise in the usage of multi-platform malware. Companies are recommended to use defense in depth strategies to protect against such cyber threats. Users should use complex passwords, limit login attempts. And use multi-factor authentication to protect against such cyber-threats.