New worm turns Windows, Linux servers into Monero miners

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
A newly discovered and self-spreading Golang-based malware has been actively dropping XMRig cryptocurrency miners on Windows and Linux servers since early December.

This multi-platform malware also has worm capabilities that allow it to spread to other systems by brute-forcing public-facing services (i.e., MySQL, Tomcat, Jenkins and WebLogic) with weak passwords as revealed by Intezer security researcher Avigayil Mechtinger.

The attackers behind this campaign have been actively updating the worm's capabilities through its command-and-control (C2) server since it was first spotted which hints at an actively maintained malware.

The C2 server is used to host the bash or PowerShell dropper script (depending on the targeted platform), a Golang-based binary worm, and the XMRig miner deployed to surreptitiously mine for untraceable Monero cryptocurrency on infected devices.

"The ELF worm binary and the bash dropper script are both fully undetected in VirusTotal at the time of this publication," Mechtinger said.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top