Golang Cryptomining Worm Offers 15% Speed Boost

 

Cybersecurity intelligence at the security firm Intezer has discovered a new Golang-based worm that is attacking Windows and Linux servers with monero crypto-mining malware. This latest form of the Monero-mining malware known as web server bugs, adds more efficiency to the mining process. 

Threat actors deploy Monero-mining malware into victims’ machines; in a switch-up of tactics, the payload binaries have capacities to speed up the mining process by 15 percent, researchers reported. (A binary payload is a set of binary files, configuration files, batch, or Shell scripts.  Even you can deploy a patch or hotfix without using an installer) 

Reportedly, the worm that has been active since early December 2020, injects XMRig malware on victim's machines that are often used for cryptocurrency mining such as monero. It attacks vulnerable servers, public-facing services such as MySQL, the open-source automation Jenkins server that uses weak passwords, and the Tomcat administration panel. It also attacks a vulnerability in Oracle WebLogic that is discovered as CVE-2020-14882. 

“CVE-2020-14882 [is a] classic path-traversal vulnerability used for exploiting vulnerable web logic servers…” Uptycs reports. “…It seemed like the attacker tried to bypass the authorization mechanism by changing the URL and performing a path traversal using double encoding on /console/images,”  

Kyung Kim, senior managing director and the head of cybersecurity for the Asia-Pacific Region at FTI Consulting, reported that a number of cybercriminals are using the Golang programming language to help them target operating systems other than Windows. 

"Golang is popular for attackers because it's multi-variate and allows a single codebase to be accumulated into all major operating systems, Rather than attacking end-users, Golang malware focuses its efforts on compromising application servers, frameworks, and web applications, which is partially why it can infiltrate systems easily without being detected," Kim told. 

‘Intezer’ is a technology-advanced cybersecurity firm that has created the world’s first cyber immune system against malicious code. The company helps in detecting variations of any threat seen in history by profiling even the slightest amount of code reuse.