Security researchers have found a new malware that installs a legitimate cryptocurrency mining program on poorly secured Windows and Linux servers.
Intezer's Avigayil Mechtinger, who specialises in malware analysis, has been tracking the multi-platform worm, which installs XMRig Miner to mine the Monero cryptocurrency, since early December.
According to Mechtinger, the worm targets public-facing MySQL, Tomcat, and Jenkins installations that have weak passwords.
Active and mutating
Explaining the worm's workflow, Mechtinger writes that it scans for Tomcat, Jenkins, and MySQL services with open ports and then brute-forces its way in. It then deploys a loader script on the compromised server that drops and runs XMRig Miner.
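The scan-then-brute-force workflow described above is something a defender can watch for in authentication logs. As an added example that is not from the article or from Intezer's report, the following Python script flags sources that repeatedly fail to authenticate to MySQL, Tomcat or Jenkins within a short window, and raises the priority when the same source then authenticates successfully. The log line formats, usernames and IP addresses are constructed for the demonstration and are assumptions, not the services' exact formats; a real deployment would adapt the regexes to its own logs.

```python
"""Brute-force detector for MySQL, Tomcat and Jenkins auth logs (added example).

The line formats below are constructed approximations of what these services
log; adjust the regexes to match real log output before using this.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample log lines (not real telemetry). 203.0.113.7 hammers MySQL,
# then hammers the Tomcat manager and finally gets in; 198.51.100.9 fails twice
# against Jenkins; 192.0.2.5 is a single, benign MySQL failure.
SAMPLE_LOGS = [
    "2020-12-03T10:00:01Z mysql: Access denied for user 'root'@'203.0.113.7' (using password: YES)",
    "2020-12-03T10:00:02Z mysql: Access denied for user 'root'@'203.0.113.7' (using password: YES)",
    "2020-12-03T10:00:03Z mysql: Access denied for user 'admin'@'203.0.113.7' (using password: YES)",
    "2020-12-03T10:00:04Z mysql: Access denied for user 'root'@'203.0.113.7' (using password: YES)",
    "2020-12-03T10:00:05Z mysql: Access denied for user 'root'@'203.0.113.7' (using password: YES)",
    '203.0.113.7 - - [03/Dec/2020:10:01:00 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '203.0.113.7 - - [03/Dec/2020:10:01:01 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '203.0.113.7 - - [03/Dec/2020:10:01:02 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '203.0.113.7 - - [03/Dec/2020:10:01:03 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '203.0.113.7 - - [03/Dec/2020:10:01:04 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '203.0.113.7 - admin [03/Dec/2020:10:01:05 +0000] "GET /manager/html HTTP/1.1" 200 19000',
    "2020-12-03T10:02:00Z jenkins: Failed login attempt for user 'admin' from 198.51.100.9",
    "2020-12-03T10:02:30Z jenkins: Failed login attempt for user 'admin' from 198.51.100.9",
    "2020-12-03T10:15:00Z mysql: Access denied for user 'app'@'192.0.2.5' (using password: YES)",
]

# Assumed formats: syslog-style MySQL/Jenkins lines and a Tomcat access log in
# the common log format (client ip, ident, authenticated user, timestamp, ...).
MYSQL_RE = re.compile(r"^(\S+) mysql: Access denied for user '[^']*'@'([\d.]+)'")
JENKINS_RE = re.compile(r"^(\S+) jenkins: Failed login attempt for user '[^']*' from ([\d.]+)")
TOMCAT_RE = re.compile(r'^([\d.]+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3}) ')


def _iso_utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_line(line):
    """Return (timestamp, service, source_ip, outcome) for an auth event, else None.

    outcome is "fail" for a rejected login and "success" for an accepted one.
    """
    m = MYSQL_RE.match(line)
    if m:
        return _iso_utc(m.group(1)), "mysql", m.group(2), "fail"
    m = JENKINS_RE.match(line)
    if m:
        return _iso_utc(m.group(1)), "jenkins", m.group(2), "fail"
    m = TOMCAT_RE.match(line)
    if m:
        ip, user, stamp, status = m.groups()
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if status == "401":
            return ts, "tomcat", ip, "fail"
        if status.startswith("2") and user != "-":
            return ts, "tomcat", ip, "success"
    return None


def detect(lines, threshold=5, window=timedelta(minutes=1)):
    """Return (alerts, likely_compromised).

    alerts maps (service, ip) to the largest number of failures seen inside any
    sliding window of length `window` when that count reached `threshold`.
    likely_compromised is the subset of alerted sources that later logged in
    successfully, which is the signal worth paging on.
    """
    fails, successes = defaultdict(list), defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, service, ip, outcome = parsed
        (fails if outcome == "fail" else successes)[(service, ip)].append(ts)

    alerts = {}
    for key, stamps in fails.items():
        stamps.sort()
        recent = deque()  # failures inside the current sliding window
        for ts in stamps:
            recent.append(ts)
            while ts - recent[0] > window:
                recent.popleft()
            if len(recent) >= threshold:
                alerts[key] = max(alerts.get(key, 0), len(recent))

    likely_compromised = {
        key for key in alerts
        if any(s >= max(fails[key]) for s in successes.get(key, []))
    }
    return alerts, likely_compromised


if __name__ == "__main__":
    alerts, compromised = detect(SAMPLE_LOGS)
    for (service, ip), count in sorted(alerts.items()):
        tag = "LIKELY COMPROMISED" if (service, ip) in compromised else "brute-force"
        print(f"{tag}: {count} failed logins to {service} from {ip} within one minute")
```

With the constructed input, the script reports 203.0.113.7 against both MySQL and Tomcat, and marks only the Tomcat case as likely compromised because a successful manager login follows the run of 401s; the two Jenkins failures and the lone MySQL failure stay below the threshold. Lowering the threshold or widening the window trades false positives against catching slower scanners, and the successful-login-after-failures rule is the one that separates a scan from an actual foothold.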
An earlier version of the worm also tried to exploit the recent vulnerability in WebLogic (CVE-2020-14882). During Mechtinger's analysis, the attacker kept updating the worm on the Command and Control (C&C) server. This suggests "that it is active and might be targeting additional weakly configured services in future updates," she writes.
In her report, Mechtinger notes that the worm's code is "nearly identical" for both Windows and Linux targets, which to her "demonstrates that Linux threats are still flying under the radar for most security and detection platforms."
Note that this latest worm follows the discovery of the PgMiner worm, which exploited a disputed vulnerability in PostgreSQL servers running on Linux to install a cryptocurrency miner.
Mechtinger also notes another trend: "In 2020, we saw a noticeable trend of Golang malware targeting different platforms, including Windows, Linux, Mac and Android. We assess with high confidence that this will continue in 2021."