Windows and Linux servers turned into crypto miners

Security researchers have discovered a new piece of malware that installs a legitimate cryptocurrency mining program on poorly secured Windows and Linux servers.

Intezer’s Avigayil Mechtinger, who specializes in malware analysis, has been tracking the multi-platform worm, which installs XMRig Miner to mine the Monero cryptocurrency, since early December.

According to Mechtinger, the worm targets public-facing MySQL, Tomcat, and Jenkins installations that have weak passwords.

Active and mutating

Explaining the workflow of the worm, Mechtinger writes that it scans for Tomcat, Jenkins, and MySQL services with open ports and then brute-forces its way inside. It then delivers a loader script to the compromised server, which drops and runs the XMRig Miner.

An earlier version of the worm also attempted to exploit the latest vulnerability in WebLogic (CVE-2020-14882). During Mechtinger’s analysis, the attacker kept updating the worm on the Command and Control (C&C) server. This indicates “that it’s active and might be targeting additional weak configured services in future updates,” she writes.

In her report, Mechtinger notes that the worm’s code is “nearly identical” for both Windows and Linux targets, which to her “demonstrates that Linux threats are still flying under the radar for most security and detection platforms.”

Note that this latest worm follows the discovery of the PgMiner worm, which exploited a disputed vulnerability in PostgreSQL servers running on Linux to install a cryptocurrency miner.

Mechtinger also makes note of another trend: “In 2020, we saw a noticeable trend of Golang malware targeting different platforms, including Windows, Linux, Mac and Android. We assess with high confidence that this will continue in 2021.”

Via: BleepingComputer
from TechRadar - All the latest technology news https://ift.tt/2WWCYOz