New Golang-based Crypto worm infects Windows and Linux
Experts from Intezer discovered a Golang-based worm that targets Windows and Linux servers.
The worm spreads by scanning for systems and running a credential-spraying brute-force attack. The malware uses a hardcoded dictionary of weak credentials for the attack, such as root:123456.
Experts pointed out that an older version of the worm also attempted to exploit the WebLogic vulnerability CVE-2020-14882.
The attacks observed by the experts use three files hosted on the same C&C: a dropper script (Bash or PowerShell), a Golang binary worm, and the XMRig miner.
The threat actors behind this campaign have been actively updating the malicious code.
Here's the article in full from SECURITY AFFAIRS: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
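As an added example (not code from Intezer or the linked article), the spreading behaviour described above can be hunted in authentication logs: one source failing logins against several accounts in a short window, then succeeding. The log format, field names and sample events are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events (hypothetical format, documentation-range IPs).
SAMPLE_LOG = """\
2021-01-04T10:00:01 src=203.0.113.7 user=root result=FAIL
2021-01-04T10:00:02 src=203.0.113.7 user=admin result=FAIL
2021-01-04T10:00:03 src=203.0.113.7 user=test result=FAIL
2021-01-04T10:00:04 src=203.0.113.7 user=mysql result=FAIL
2021-01-04T10:00:05 src=203.0.113.7 user=root result=OK
2021-01-04T10:05:00 src=198.51.100.9 user=alice result=FAIL
2021-01-04T10:05:30 src=198.51.100.9 user=alice result=OK
"""

def parse(line):
    """Split one event line into (timestamp, source, user, succeeded)."""
    stamp, *pairs = line.split()
    kv = dict(p.split("=", 1) for p in pairs)
    return datetime.fromisoformat(stamp), kv["src"], kv["user"], kv["result"] == "OK"

def find_spraying(log_text, min_users=3, window=timedelta(minutes=5)):
    """Return {source: findings} for sources that fail logins against at least
    min_users distinct accounts inside one sliding window."""
    failures = defaultdict(list)   # source -> [(time, user)] of recent failures
    findings = {}
    for line in filter(None, map(str.strip, log_text.splitlines())):
        when, src, user, ok = parse(line)
        # Drop failures that have aged out of the window for this source.
        recent = [(t, u) for t, u in failures[src] if when - t <= window]
        failures[src] = recent
        if ok:
            # A success from a source already flagged for spraying
            # suggests one of its guesses worked.
            if src in findings:
                findings[src]["compromised"].append(user)
            continue
        recent.append((when, user))
        users = {u for _, u in recent}
        if len(users) >= min_users:
            hit = findings.setdefault(src, {"users": set(), "compromised": []})
            hit["users"] |= users
    return findings

if __name__ == "__main__":
    for src, hit in find_spraying(SAMPLE_LOG).items():
        print(src, sorted(hit["users"]), "compromised:", hit["compromised"])
```

The single failed attempt from 198.51.100.9 followed by a success is not flagged, which keeps ordinary mistyped passwords out of the findings.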