Technology

Researchers find new variant of Golang cryptominer with likely links to China

Posted on Author World News Live Comment(0)


NEW DELHI: A new variant of cryptominer malware Golang with possible links to China is being used to targetg Windows and Linux PCs, researchers at Barracuda Networks found.

Though the volume of the threats detected is still quite low, the researchers managed to recognise seven IP addresses linked to the new variant. Further research revealed the IP addresses were based out of China. This can mean that the attacks originated from China, or the attack was routed through Chinese servers to mask the actual source of the attack. It is a typical practice among hacker groups.

According to Barracuda Networks, Golang malware targets both Windows and Linux systems by attacking web application frameworks, application servers, and non-HTTP services such as Redis and MSSQL, instead of going after the end users.

Some of the exploits used by operators behind Golang were found to be targeting ThinkPHP web application framework, which is popular in China. An exploit is a program that finds and takes advantage of a security flaw in an application or system.

After infiltrating the system, Golang malware downloads multiple files such as Init/update script, a miner, a watchdog, a scanner, and a config file for the cryptominer. The files downloaded vary depending on the operating system on the device. For instance, on Windows PCs the malware also adds a backdoor. Once the files are downloaded, the malware starts mining the Monero cryptocurrency using XMRig, a known miner program.

“Malicious actors are once again turning to Golang as a malware language since it is not commonly tracked by antivirus software. As it targets vulnerable servers, it is still a top threat vector that cybercriminals look to exploit. However, we can defend organisations against this malware by monitoring the endpoints for suspicious activity as well as the surge in CPU usage, which is associated with most cryptominers,” Fleming Shi, CTO at Barracuda Networks said in a statement.

Barracuda advises that organizations should have a web application firewall in place and configure it properly as the malware spreads by scanning the internet for vulnerable devices. Security patches and updates should also be kept handy if any vulnerability is detected.

Subscribe to newsletters

* Enter a valid email

* Thank you for subscribing to our newsletter.



Source link

Share on Facebook
Tweet
Follow us
World News Live

Related Articles
Technology

Google to keep employees home until July 2021

Posted on Author World News Live

Google will allow most employees to work from home through to July 2021 in response to the ongoing coronavirus pandemic, the tech giant said Monday. In an email to employees, Google chief executive Sundar Pichai said, “To give employees the ability to plan ahead, we are extending our global voluntary work from home option through […]

Technology

Tenet Release Date Set for August–September in Over 70 Countries

Posted on Author World News Live

A new staggered release plan for Tenet — Christopher Nolan’s time-bending espionage epic movie — has been set, as promised. A week after Warner Bros. said it would announce a new release date “imminently” and days after a report hinted at a late August debut, the studio has unveiled Tenet release dates for 70 countries […]

Technology

Asus ROG Phone 3 Review

Posted on Author World News Live

Do you really need to spend Rs. 50,000 on a device like the new Asus ROG Phone 3 just to play games? No, of course not. Nearly all the phones that we’ve tested this year, priced at around or below Rs. 15,000, have been able to play modern games smoothly enough, and the whole reason […]