Security researchers have discovered a new form of malware, named Golang, in the wild that mines the cryptocurrency Monero.
The Golang malware is based on the open-source Go programming language.
Security researcher Josh Grunzweig of Palo Alto Networks collected a total of 10,700 unique malware samples written in Go, with the majority targeting the Windows operating system.
“Of the samples, 75% were able to have their malware family identified. The most prominent malware families included Veil, GoBot2, and HERCULES. Additionally, the most prevalent malware groupings included Pentesting, Remote Access Trojans (RATs), and Backdoors.”
The ongoing campaign was first detected in May, targeting Linux-based servers.
The malware looks for machines running vulnerable software in order to propagate, and also looks for several entry points to spread to other systems.
According to researchers from security firm F5 Labs, the Golang malware spreads through a variety of methods.
The malware campaign propagates through seven methods: 2 targeting ThinkPHP, 1 targeting Drupal, and 1 targeting Confluence, SSH credentials enumeration, Redis database passwords enumeration,
Once access is gained, the malware tries to spread to other machines using SSH keys it finds.
“The payload delivered in the request tries to spread by sending the same exploits, and by trying to connect with several hardcoded credentials to Redis services and also via SSH. The ultimate goal of the payload is to install a crypto miner and target other servers through the methods mentioned above,” F5 researchers said in their published blog post.