Security News Researchers Found New Worm with Botnet, Ransomware, and Coinmining Abilities

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Palo Alto Networks' Unit 42 research team discovered a new malware class capable of targeting Linux and Windows servers, combining coin-mining, botnet and ransomware capabilities in a self-spreading worm package.

As detailed by Unit 42, the new malware family named Xbash is tied to the Iron Group, a threat actor previously known to perform ransomware attacks, which apparently has moved on to more complex attack vectors.

Xbash has been observed to propagate between servers using a combination of exploitable vulnerabilities and weak password brute-forcing and, unlike other ransomware, comes with data destruction features enabled by default with no restoration functionality making file recovery virtually impossible.

Moreover, Xbash's botnet and ransomware components target Linux servers by exploiting unprotected and vulnerable yet unpatched services, immediately erasing MySQL, PostgreSQL, and MongoDB databases and asking for Bitcoin ransoms to (hypothetically) restore the data.

On the other hand, Xbash's coin-mining and self-propagation modules aim for breaching Windows systems using known vulnerabilities in unpatched Hadoop, Redis, and ActiveMQ databases.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top