New Golang-based Crypto worm infects Windows and Linux

By Pierluigi Paganini

Experts from Intezer discovered a Golang-based worm that targets Windows and Linux servers.

The worm spreads by scanning for systems and running a credential spraying brute force attack. The malware leverages a hardcoded dictionary of weak credentials for the attack, such as root:123456.


Experts pointed out that an older version of the worm also attempted to exploit CVE-2020-14882 WebLogic’s vulnerability.


The attacks observed by the experts use three files hosted on the same C&C, a dropper script (bash or powershell), a Golang binary worm, and the XMRig Miner.


The threat actors behind this campaign have been actively updating the malicious code.


Here's the article in full from SECURITY AFFAIRS: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html


11 views0 comments