A new variant of the crypto-miner malware ‘Golang’, is targeting Windows and Linux machines, according to researchers at Barracuda Networks, the trusted partner and leading provider for cloud-enabled security solutions.
Instead of targeting end-users, this new malware attacks servers, targeting web application frameworks, application servers, and non-HTTP services such as Redis and MSSQL. Its main goal is to mine Monero cryptocurrency using a known miner, XMRig. The malware spreads like a worm, searching, and infecting other vulnerable machines.
Barracuda researchers also revealed that, once the malware infects a machine, it downloads a number of dangerous files, which are customised based upon the platform being attacked. The attacks follow the same playbook, though, including an initial payload, an update script, a miner, a watchdog, a scanner, and a config file for the cryptominer. For Windows machines, the malware also adds a backdoor user.
Fleming Shi, CTO, Barracuda Networks comments:
“The landscape of cybercrime is always adapting and changing, and it takes a vigilant and secure approach to IT to combat harmful malware and cyber scams.
“Defending against this new form of cybercrime starts with making sure you have a properly-configured web application firewall in place – this will protect machines against an abundance of malicious internet software, application, and threats.
“Next, staying up to date on patches will ensure there are no exploitable vulnerabilities for a cybercriminal to capitalise on. And finally, monitoring systems for suspicious activity in a business environment will be extremely helpful in remediating any attacks as soon as they target your servers or end-users.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.