Symantec cybersecurity experts: The malware deployment is preceded by reconnaissance with the AdFind tool. The victims are large organizations.
Intezer: New Golang worm drops XMRig cryptominer on Linux and Windows. The malware can easily move from one platform to the other, and it targets public-facing services.
A new Golang worm is dropping the XMRig cryptominer on Linux and Windows servers. It was discovered by Intezer cybersecurity experts. The malware can easily move from one platform to the other. It targets public-facing services that have weak passwords: MySQL, the Tomcat admin panel and Jenkins. In an older version, the worm also attempted to exploit WebLogic's latest vulnerability, CVE-2020-14882. The cybercrime attack uses three files: a dropper script (bash or PowerShell), a Golang binary worm, and an XMRig miner, all of which are hosted on the same C&C. Moreover, the ELF worm binary and the bash dropper script are both fully undetected in VirusTotal.