top of page

New Golang-based Crypto worm infects Windows and Linux

Experts from Intezer discovered a Golang-based worm that targets Windows and Linux servers.

The worm spreads by scanning for systems and running a credential spraying brute force attack. The malware leverages a hardcoded dictionary of weak credentials for the attack, such as root:123456.


Experts pointed out that an older version of the worm also attempted to exploit CVE-2020-14882 WebLogic’s vulnerability.


The attacks observed by the experts use three files hosted on the same C&C, a dropper script (bash or powershell), a Golang binary worm, and the XMRig Miner.


The threat actors behind this campaign have been actively updating the malicious code.



33 views0 comments

Comments

Couldn’t Load Comments
It looks like there was a technical problem. Try reconnecting or refreshing the page.
bottom of page