
Cybercrime: new Golang worm drops XMRig cryptominer on Linux and Windows

Intezer: New Golang worm drops XMRig cryptominer on Linux and Windows. The malware can easily maneuver from one platform to the other, and it targets public-facing services.

A new Golang worm is dropping the XMRig cryptominer on Linux and Windows servers. It was discovered by Intezer cybersecurity experts. The malware can easily maneuver from one platform to the other. It targets public-facing services that have weak passwords: MySQL, the Tomcat admin panel and Jenkins. In an older version, the worm also attempted to exploit WebLogic's latest vulnerability, CVE-2020-14882. The cybercrime attack uses three files: a dropper script (bash or PowerShell), a Golang binary worm, and an XMRig miner, all of which are hosted on the same C&C. Moreover, the ELF worm binary and the bash dropper script are both fully undetected in VirusTotal.
