A new variant of the cryptominer malware ‘Golang’, which affects both Windows and Linux machines, has been identified by researchers at the cybersecurity firm Barracuda Networks. The company revealed in its official release that the new variant aims to mine the Monero cryptocurrency using a known miner, XMRig.
The volume is low right now: the researchers have identified just seven IP addresses related to this new malware variant so far, all based in China. It has also been found that the Golang malware targets web application frameworks, application servers, and non-HTTP services including Redis and MSSQL, rather than attacking end users.
Only Linux machines were targeted by the earlier variants of the malware, but the Golang variant also targets Windows machines through a new pool of exploits for Oracle WebLogic, ElasticSearch, Drupal, Hadoop, and IoT devices. The company shared in a statement that some of the exploits the malware carries attack the ThinkPHP web application framework, which is popular in China. “Like the other families of malware, it is predicted that this malware will continuously grow, utilize more and more exploits,” said
When the Golang malware attacks a machine, it downloads files such as an init/update script, a miner, a watchdog, a scanner, and a config file for the cryptominer, depending on the platform it is targeting. On Windows machines, the malware also adds a backdoor user.
How Can You Protect Your Server?
The Golang malware spreads by scanning the internet for vulnerable machines, which means organizations need to have a web application firewall in place and effectively configured. Organizations also need to stay current with security patches and updates to be prepared for such threats.
Golang is not generally identified by antivirus software, which is why malicious actors are using it as a malware language. It is a top threat vector that cybercriminals choose to exploit as it attacks vulnerable servers. Nonetheless, organizations can be protected against this malware by checking endpoints for suspicious activity as well as for the rise in CPU usage that accompanies most cryptominers. The threat of any future cryptojacking attack can be reduced by introducing active, frequently tested incident response plans.
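As an added example that is not from the article or from Barracuda, the following Python routine implements the CPU-based check described above: it groups constructed per-process CPU samples, flags any process that stays above a threshold for several consecutive samples, and then labels the finding by whether the process name matches a known miner such as XMRig. The sample data, the threshold, the run length and the miner-name list are assumptions chosen for illustration.

```python
"""Flag candidate cryptominer processes from periodic CPU samples."""
from collections import defaultdict

# Constructed sample: (timestamp_s, host, pid, process_name, cpu_percent).
# web01/java spikes once but is not sustained; db02/system-update is a
# process with an innocuous name that still burns CPU continuously.
SAMPLES = [
    (0, "web01", 4242, "xmrig", 97.5),
    (60, "web01", 4242, "xmrig", 98.1),
    (120, "web01", 4242, "xmrig", 96.0),
    (0, "web01", 1200, "java", 35.0),
    (60, "web01", 1200, "java", 88.0),
    (120, "web01", 1200, "java", 20.0),
    (0, "db02", 777, "system-update", 95.0),
    (60, "db02", 777, "system-update", 94.0),
    (120, "db02", 777, "system-update", 93.0),
]

CPU_THRESHOLD = 90.0          # assumption: percent of one core
MIN_CONSECUTIVE = 3           # assumption: samples in a row above threshold
KNOWN_MINER_NAMES = {"xmrig", "minerd"}  # assumption: names worth an instant alert


def sustained_high_cpu(samples, threshold=CPU_THRESHOLD, min_run=MIN_CONSECUTIVE):
    """Return {(host, pid, name): longest_run} for processes whose CPU stayed
    at or above `threshold` for at least `min_run` consecutive samples."""
    by_proc = defaultdict(list)
    for ts, host, pid, name, cpu in samples:
        by_proc[(host, pid, name)].append((ts, cpu))
    findings = {}
    for key, series in by_proc.items():
        series.sort()                     # order by timestamp before counting runs
        run = best = 0
        for _, cpu in series:
            run = run + 1 if cpu >= threshold else 0
            best = max(best, run)
        if best >= min_run:
            findings[key] = best
    return findings


def triage(samples):
    """Label each sustained-CPU finding: 'known_miner' when the process name is
    on the miner list, otherwise 'review' so an analyst looks at it anyway."""
    out = []
    for (host, pid, name), run in sorted(sustained_high_cpu(samples).items()):
        label = "known_miner" if name.lower() in KNOWN_MINER_NAMES else "review"
        out.append({"host": host, "pid": pid, "name": name, "run": run, "label": label})
    return out
```

The rule is CPU-based first and name-based second, so a miner that has been renamed still surfaces as a `review` item rather than slipping past a name-only signature.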