윈도우즈, 리눅스 서버를 XMRig Miner로 감염시키는 Golang 멀웨어

newsroom 1/2 '21 posted 뉴스 IT

• 새로 발견되고 자체 확산되는 Golang 기반 악성 소프트웨어는 12월 초부터 윈도우와 리눅스 서버의 XMRig 가상화폐 광부들을 적극적으로 투하하고 있습니다.

• 이 서비스는 MySQL, Tomcat 관리 패널 및 Jenkins와 같은 약한 암호를 사용하는 공개 서비스를 대상으로 합니다.

• 분석 중, 연구원들은 공격자가 명령 및 제어 서버에서 웜을 계속 업데이트한다는 것을 발견했습니다. 웜은 활성 상태이며 향후 업데이트 시 취약한 추가 서비스를 대상으로 할 수 있습니다.

New worm turns Windows, Linux servers into Monero miners [www.bleepingcomputer.com]

New Golang worm turns Windows and Linux servers into monero miners [www.scmagazine.com]

Windows and Linux servers turned into crypto miners [www.techradar.com]

Golang malware infecting Windows, Linux servers with XMRig miner [www.hackread.com]

newest replies popular replies

Open Wiki - Feel free to edit it. -

1/2 '21 answered

A newly discovered and self-spreading Golang-based malware has been actively dropping XMRig cryptocurrency miners on Windows and Linux servers since early December.https://t.co/cOxAq43o7k
— Adam Levin (@Adam_K_Levin) December 30, 2020

Typical FUD from clueless and/or dishonest media looking to blame "Linux" (or make it look as awful as back-doored Windows) because some admins misconfigure stuff or choose terrible passwords https://t.co/Dnts9mshfY
— Dr. Roy Schestowitz (罗伊) (@schestowitz) January 1, 2021

New #Golang worm drops XMRig on Windows and Linux servers. FUD in VirusTotal.
Targets WebLogic, Tomcat, Jenkins and MySQL using vulns. For example - attempted to exploit WebLogic’s CVE-2020-14882.

Full IOCs here - https://t.co/7gsRk5GmA6 @AbbyMCH ? pic.twitter.com/4Z4DkuQALZ
— Ari Eitan (@arieitan) December 29, 2020

Early bird catches the Golang worm.

New #Golang worm drops #XMRigMiner on Windows and Linux servers. Targets public facing services: MySQL, Tomcat, Jenkins and WebLogic.

Undetected in VirusTotalhttps://t.co/jzO2IBtH1I pic.twitter.com/15COFKzjNz
— Intezer (@IntezerLabs) December 29, 2020

A newly discovered and self-spreading Golang-based malware has been actively dropping XMRig cryptocurrency miners on Windows and Linux servers since early December.https://t.co/cOxAq43o7k
— Adam Levin (@Adam_K_Levin) December 30, 2020

New worm turns Windows, Linux servers into Monero miners https://t.co/VgLl3Lj2Xh
— The Cyber Security Hub™ (@TheCyberSecHub) December 30, 2020

Golang malware infecting Windows, Linux servers with XMRig miner #Cybersecurity #security #ux https://t.co/rRUR3sfB3E
— Bob Carver ✭ (@cybersecboardrm) December 31, 2020

permanent link

Open Wiki - Feel free to edit it. -

1/2 '21 answered

A new Golang-based worm has been actively dropping XMRig cryptocurrency malware on Windows and Linux servers since early December, mining Monerohttps://t.co/SqEpaMLnzL
— Gregg Housh (@GreggHoush) January 1, 2021

Golang malware infecting Windows, Linux servers with XMRig miner#cybersecurity #phishing #malware #Infosec #cyberthreats #ramsomware #hacking #databreach #dataprotection #privacy #dataleak #cyberattacks https://t.co/KnAItLWXfV pic.twitter.com/WYws3KojRO
— Paula Piccard ?? ?? (@Paula_Piccard) January 1, 2021

permanent link

Featured

Important Notice: Discontinuation of Our Wiki Service

Dear Valued Users,

We hope this message finds you well. We are writing to inform you of an important upcoming change to our services. After careful consideration and analysis, we have made the difficult decision to discontinue our wiki site, effective one month from 2024/04/30.

This was not an easy decision to make, as we understand the importance of the resources and community that have been built around our wiki. However, due to evolving market conditions and strategic realignments, we must redirect our resources and efforts towards other ventures that will allow us to serve you better in the future.

What This Means for You:

Access to Content: You will continue to have full access to all content on the wiki until the discontinuation date. We encourage you to save or migrate any content you wish to retain.
Final Date of Service: The wiki will become inaccessible starting 1st June 2024, after which all content will be permanently removed.

We are immensely grateful for the support and contributions of our user community throughout the years. The wiki is being retired, but our team will be back soon with new services and apps.

Thank you for being a part of our journey.

Warm regards,

editoy Inc.

Related

Featured