Trending Articles

News

New Golangbased Windows Linux December Monerogatlanbleepingcomputer

Introduction

New Windows December Monerogatlanbleepingcomputer – As per the study by www.bleepingcomputer.com, A newly discovered and self-popularity Golang-based malware has also been actively dropping XMRig cryptocurrency miners on Windows and Linux servers since early December.

Hence, this multiple-platform malware also has worn capabilities that allow it to spread to other systems by brute forcing public-facing services (i.e., MySQL, Tomcat, Jenkins and WebLogic) with weak passwords. The attackers behind this campaign have been actively updating the worm’s capabilities through its command and control server since it was first spotted, which hints at an actively maintained malware.

Additionally, C2 servers host bash or PowerShell dropper script (depending on the target platform), a Golang-based binary worm, and XMRig miners implemented to surreptitiously my untraceable Monero cryptocurrency on infected devices. The ELF worm binary and bash dropper script have not been detected on VirusTotal at the time of this post.

New Windows December Monerogatlanbleepingcomputer

New Windows December Monerogatlanbleepingcomputer

As per the research by www.techmeme.com, a New Golang-based worm has been actively launching XMRigs cryptocurrency malware on Windows and Linux servers since early December, mining Monero: A newly discovered, self-propagating Golang-based malware has been actively launching XMRig cryptocurrency miners on Windows servers and Linux since the beginning of December. December.

New Windows December Monerogatlanbleepingcomputer – The fact that the worm code is almost identical for both PE and ELF malware, and that ELF malware goes undetected by VirusTotal, demonstrates that Linux threats continue to go undetected by most security and detection platforms,” he added. Mechtinger.

Hence, To defend against brute force attacks launched by this new cross-platform worm, you should limit logins and use hard-to-guess passwords on all services exposed to the Internet, as well as two-factor authentication wherever possible.

New Golangbased Xmrig Windows December Monerogatlanbleepingcomputer

New Golangbased Xmrig Windows December Monerogatlanbleepingcomputer

As per the study by www.hackread.com, The Multi-platform malware is a bit more dangerous than others, as it could infect multiple operating systems simultaneously. An example of one of the latter is Golang-based malware.

New Windows December Monerogatlanbleepingcomputer – The new Goland Based XMRig malware has been actively installing. The XMRig miner on Windows and Linux servers since early December 2020 to mine cryptocurrency.

However, These servers that Monero Gatlan Bleeping computer are targeted based on the facts. That they are facing the public in the form of MySQL databases or Tomcat admin panels. For example, combined with poor security practices.

Discovered by cybersecurity researchers at Intezer, The malware operates with the help of 3 main files that reside on a C2 server:

  • A Bash or Powershell-based script to remove the malware
  • A Golang-based binary worm
  • The XMrig miner itself

So, Since the first 2 (the ones for the Linux version) have not been detected by virus scanning platforms like VirusTotal, it shows us that it has successfully bypassed security filters.

New Xmrig Windows Linux December Monerogatlanbleepingcomputer

New Xmrig Windows Linux December Monerogatlanbleepingcomputer

A new worm written in Golang turns Windows and Linux servers into miners for the Monero cryptocurrency.

According to the study by www.scmagazine.com, In a blog post on Wednesday, Intezer researchers said the worm spreads through the network to run XMRig Miner, a monero cryptocurrency miner, on a large scale. The malware targets Windows and Linux servers and can easily manoeuvre from one platform to another. It targets public services like MySQL, Tomcat admin panel, and Jenkins with weak passwords. In an earlier version, the worm also attempted to exploit the latest WebLogic vulnerability: CVE-2020-14882.

Furthermore, During their analysis, the researchers discovered that the attacker kept updating the worm on the command and control server. Indicating that it is active and could target additional weak configured services in future updates.

Hence, the attack uses three files: a dropper script (bash or powershell), a Golang binary worm. And an XMRig Miner, all hosted on the same command and control server.

Golangbased Xmrig Windows Linux December Monerogatlanbleepingcomputer

Golangbased Xmrig Windows Linux December Monerogatlanbleepingcomputer

As per the study by www.securityaffairs.co, the experts from Intezar discovered a new, self-spreading Golangbased malware that targets windows and Linux servers. So, the malware was actively seen in December, targeting public services. However, MySQL, Tomcat admin panel and Jenkins are protects with weak passwords.

So, the worm spreads by scanning the systems and running credentials, spraying brute force attacks. The malware leverages a hardcoded dictionary with weak credentials for the attack.

However, Experts pointed out that the older version of the worm also attempted to exploit the CVE-2020-14882 WebLogic vulnerability. Hence, the attacks observed by the experts use three files hosted on the same C&C, a dropper script (bash or powershell), a Golang-binary worm, and the XMRig Miner. The threat actors behind this campaign have been actively updating the malicious code.

The experts detailed the attack chain for Linux and Windows servers. And they also provided the following list of precautions to prevent brute force attacks and vulnerability exploitation:

  • Use complex passwords, limit login attempts, and 2FA (two-factor authentication) if possible.
  • Minimize your use of utilities.
  • So, to keep your software up to date with the latest security patches.
  • Use a Cloud Workload Protection Platform (CWPP) such as Intezer Protect to get complete runtime visibility into the code in your system and receive alerts on any malicious or unauthorized code. We have a free community edition

Conclusion

In my content, I want to describe that New Windows December Monerogatlanbleepingcomputer. New Golang-based worm has been actively launching XMRigs cryptocurrency malware on Windows and Linux servers since early December, mining Monero. A newly discovered, self-propagating Golang-based malware has been actively launching XMRig. Cryptocurrency miners on Windows servers and Linux since the beginning of December.

Also Read: Actzero 40m Point72 Smbslundentechcrunch

Related Searches:

Bleeping computer

Bleeping computer downloads

Astralocker

Bleeping computer ransomware

Bleeping computer combofix windows 10

The hacker news

Bleeping computer adwcleaner

Is bleepingcomputer safe reddit

Bleeping computer downloads

Computer kill Bleeping

The hacker news

Bleeping computer ransomware

Bleeping computer twitter

computer security Bleeping

Bleeping computer ransomware

Cyber security news

Bleeping computer downloads

Computer Twitter Bleeping

Bleeping computer rss

The hacker news

Computer combofix windows 10 Bleeping

Bleeping computer malwarebytes

Related posts