Mumbai: Cryptominer malware Golang, a new malware strain, is targeting Windows and Linux machines, according to Barracuda researchers. The new Golang cryptominer aims to mine the Monero cryptocurrency using a known miner, XMRig.
While the volume is still low, Barracuda researchers have recognised only seven IP addresses linked to this new Golang cryptominer so far, all of them China-based.
The Golang malware first surfaced around mid-2018 and has continued its elusive journey over the past two years. It has remained elusive to such an extent that its name rarely comes up in the threat landscape.
Golang focuses on attacking web application frameworks, application servers, and non-HTTP services such as Redis and MSSQL, rather than targeting end users.
While the older malware variants targeted only Linux machines, the Golang variant also attacks Windows machines, using a new pool of exploits for Oracle WebLogic, ElasticSearch, Drupal, Hadoop and IoT devices.
For example, some of the included exploits target the ThinkPHP web application framework, which is popular in China. As with other malware families, researchers assume this malware will keep evolving and employing more and more exploits.
Once the Golang malware infects a machine, it downloads files such as an init/update script, a miner, a watchdog, a scanner, and a config file for the cryptominer, depending on the platform it is attacking. On Windows machines, the malware also adds a backdoor user.
“Malicious actors are once again turning to malware Golang since it is not commonly tracked by antivirus software. As it targets vulnerable servers, it is still a top threat vector that cybercriminals look to exploit,” said Fleming Shi, CTO of Barracuda Networks.
“However, we can defend organisations against this malware by monitoring the endpoints for suspicious activity as well as the surge in CPU usage, which is associated with most cryptominers. The threat of any future cryptojacking attack can be minimised by setting up vigorous, regularly tested incident response plans,” added Shi.
Here are a few important steps that can help protect servers against this new Golang cryptominer malware:
- Many organisations tend to overlook application security. They need to have a web application firewall in place and properly configured, as the new Golang malware spreads by scanning the internet for vulnerable machines.
- As cybercriminals are always scanning for vulnerabilities to exploit, businesses should stay current with security patches and updates to keep ahead of these threats.
- Being aware of how this malware variant works can help organisations monitor their Windows and Linux servers for this type of malicious activity and act quickly. For that, they should have a monitoring solution in place and a trained security team to identify the warning signs.
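The infection behaviour described earlier (a dropped XMRig miner, the sustained CPU surge Shi mentions, and a backdoor user added on Windows) translates into three simple host checks that a monitoring team can run. The Python below is an added example written for this article; it is not Barracuda's research code or any part of the malware. The process samples and log lines are constructed for illustration, and the `key=value` layout of the log lines is an assumption (real Windows Security events 4720, "a user account was created", and 4732, "a member was added to a local group", carry these fields in a different layout).

```python
"""Added detection example (not Barracuda's code): heuristics for the indicators the
article names - the XMRig miner binary, a sustained CPU surge, and a backdoor local
user added on Windows. All sample data below is constructed for illustration."""
import re
from collections import defaultdict

# Process names associated with the miner the article names (XMRig).
KNOWN_MINER_NAMES = {"xmrig", "xmrig.exe"}

# Constructed process samples at successive intervals: (sample_no, pid, name, cpu_percent).
PROCESS_SAMPLES = [
    (0, 101, "nginx", 3.0), (0, 303, "svchost.exe", 97.5), (0, 404, "backup.sh", 99.0),
    (1, 101, "nginx", 4.0), (1, 303, "svchost.exe", 98.0), (1, 404, "backup.sh", 2.0),
    (2, 101, "nginx", 2.0), (2, 303, "svchost.exe", 96.0), (2, 505, "xmrig", 12.0),
]

# Constructed Windows Security log lines (field layout is an assumption).
# 4720 = "A user account was created", 4732 = "A member was added to a local group".
WINDOWS_SECURITY_LOG = [
    "2020-07-20T10:00:01Z EventID=4624 LogonType=3 TargetUserName=svc_backup",
    "2020-07-20T10:02:17Z EventID=4720 SubjectUserName=SYSTEM TargetUserName=support01",
    "2020-07-20T10:02:18Z EventID=4732 MemberName=support01 TargetUserName=Administrators",
]


def sustained_cpu(samples, threshold=90.0, min_consecutive=3):
    """Return {pid: name} for processes at or above `threshold` CPU for
    `min_consecutive` consecutive samples. A one-off spike (backup.sh above) is
    ignored, which keeps the alert focused on the steady load a miner produces."""
    series = defaultdict(list)
    names = {}
    for sample_no, pid, name, cpu in samples:
        series[pid].append((sample_no, cpu))
        names[pid] = name
    flagged = {}
    for pid, points in series.items():
        run = 0
        for _, cpu in sorted(points):
            run = run + 1 if cpu >= threshold else 0
            if run >= min_consecutive:
                flagged[pid] = names[pid]
                break
    return flagged


def known_miner_processes(samples):
    """Return {pid: name} for any process whose name matches a known miner binary."""
    return {pid: name for _, pid, name, _ in samples if name.lower() in KNOWN_MINER_NAMES}


USER_CREATED = re.compile(r"EventID=4720\b.*\bTargetUserName=(\S+)")
ADDED_TO_GROUP = re.compile(r"EventID=4732\b.*\bMemberName=(\S+).*\bTargetUserName=(\S+)")


def new_local_users(log_lines):
    """Return {username: group_or_None} for accounts created in the log, recording
    the local group (e.g. Administrators) if the same account is then added to one."""
    created = {}
    for line in log_lines:
        m = USER_CREATED.search(line)
        if m:
            created.setdefault(m.group(1), None)
        m = ADDED_TO_GROUP.search(line)
        if m and m.group(1) in created:
            created[m.group(1)] = m.group(2)
    return created


def triage(samples, log_lines):
    """Combine the three checks into one report a responder can act on."""
    return {
        "sustained_cpu": sustained_cpu(samples),
        "known_miner": known_miner_processes(samples),
        "new_users": new_local_users(log_lines),
    }


if __name__ == "__main__":
    for key, value in triage(PROCESS_SAMPLES, WINDOWS_SECURITY_LOG).items():
        print(f"{key}: {value}")
```

On a real host the sample tuples would come from a periodic process snapshot (for example a scheduled `ps` or Get-Process export) and the log lines from the Security event log; the consecutive-sample rule matters because a miner runs flat out for hours, while legitimate batch jobs spike and drop back.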