![OCA-strip-logo[wht-lrg].png](https://static.wixstatic.com/media/23bc2d_5a2cca10478a44458d0d3e4a8e1e460a~mv2.png/v1/crop/x_0,y_0,w_336,h_61/fill/w_342,h_62,al_c,lg_1,q_85,enc_auto/OCA-strip-logo%5Bwht-lrg%5D.png)
New Golang-based Crypto worm infects Windows and Linux
Experts from Intezer discovered a Golang-based worm that targets Windows and Linux servers.
The worm spreads by scanning for systems and running a credential spraying brute force attack. The malware leverages a hardcoded dictionary of weak credentials for the attack, such as root:123456.
Experts pointed out that an older version of the worm also attempted to exploit CVE-2020-14882 WebLogic’s vulnerability.
The attacks observed by the experts use three files hosted on the same C&C, a dropper script (bash or powershell), a Golang binary worm, and the XMRig Miner.
The threat actors behind this campaign have been actively updating the malicious code.
Here's the article in full from SECURITY AFFAIRS: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html