Researchers discovered a new cryptocurrency mining malware which is targeting vulnerable computers to mine Monero (XMR).
Dubbed as GoLang, the malware is written in Go programing language and targets .
In the last few weeks, multiple cybersecurity research groups reported about the malware and, according to the researchers at Trend Micro, the malware not only targets a vulnerable server but also try to propagate in the entire network.
Many ways to target a system
Another research group, F5, detailed that the malware spreads through seven methods in a network – four methods involves targeting the server-level programming languages, while others involve the misconfigured credentials in the SSH or Redis database.
The researchers also detailed that the malicious code first send a GET request to ident.me, a service which finds public IP addresses, and then the list of IPs are searched to find open ports 80, 20, 8090, and 6397. If any open port is found in any server, the malware sends a request to download a payload hosted on Pastebin.
To mine the digital currency, GoLang uses a well-known Monero mining script called XMRig 2.13.1.
To hide the propagation or presence of the malware, the malicious code even disables security tools and software, and deletes history and logs in the compromised machine. Moreover, it also kills any ongoing crypto mining operation in the system to utilize maximum CPU space. It also kills any processes utilizing more than 30 percent of the memory resource.
The cybercriminals even successfully injected the malware in a few mining pools and, according to F5 researchers, they earned less than $2,000 worth crypto to date from the pools. However, the estimation is based on specific sample wallet addresses owned by the miners.
Cryptojacking has always been a . Many popular websites were also found to inject mining scripts in visitors computers to mine cryptocurrency without their consent.
Earlier, that an infamous crypto-mining malware, Shellbot, was updated by its developers to shut all crypto mining services on the infected computer to squeeze all the processing power.
Be First to Comment