top of page

New Golang-based Crypto worm infects Windows and Linux

Experts from Intezer discovered a Golang-based worm that targets Windows and Linux servers.

The worm spreads by scanning for systems and running a credential spraying brute force attack. The malware leverages a hardcoded dictionary of weak credentials for the attack, such as root:123456.

Experts pointed out that an older version of the worm also attempted to exploit CVE-2020-14882 WebLogic’s vulnerability.

The attacks observed by the experts use three files hosted on the same C&C, a dropper script (bash or powershell), a Golang binary worm, and the XMRig Miner.

The threat actors behind this campaign have been actively updating the malicious code.

33 views0 comments


bottom of page