Go-Based LiquorBot Adapts Cryptomining Payload to Infected Host


A cryptomining botnet has been attacking unpatched routers since at least May 2019. It exploits a small set of critical vulnerabilities and targets multiple CPU architectures.


Named LiquorBot, the malware is written in Golang (Go), a programming language with a syntax similar to C that offers some advantages, such as memory safety and garbage collection.


12+ versions in less than a year


Researchers at Bitdefender first saw LiquorBot on May 31, 2019, and tracked its evolution to a version discovered on October 10. Between these dates, 11 releases were identified:


| SHA1 | Package path | First seen |
|---|---|---|
| 2901d4ee7f289bf0b1a863bec716d751f66a4324 | /home/woot/webliquor/ | May 31st 2019 |
| 1bee367d72c472e5991435479cfdecdf3b6e65db | /home/woot/webliquor/ | June 4th 2019 |
| 2d1d294aac29fab2041949d4cb5c58d3169a31d3 | /home/woot/webliquor/ | June 7th 2019 |
| b9dd4d230d103b3db458d752d4917466ec1cb9b0 | /home/woot/webliquor/ | June 10th 2019 |
| 31176239ab5187af5d89666f37038340b95a5a4e | /home/woot/webliquor/ | June 14th 2019 |
| c6d850e264d7d8d6978cd85d69c22b29378e34e4 | /home/woot/webliquor/ | June 26th 2019 |
| c59dd90f7cefadaa80d9c0113f8af39e4ed0c1a1 | /home/woot/liquorv3/ | July 24th 2019 |
| 8df16857cb914f5eded0249cfde07f1c01697db1 | /home/woot/Desktop/GoNet/ | Aug 8th 2019 |
| 8364c272e0c95ed214c71dbcb48f89c468544bc8 | /home/woot/Desktop/ExNet/ | Sep 11th 2019 |
| bb07341ab6b203687845ae38cd8c17dfc947e79f | /home/woot/Desktop/MineGO/ | Sep 13th 2019 |
| 331ec23c250b86d912fa34e0e700bfcac1a7c388 | /home/woot/Desktop/MineGO/ | Sep 30th 2019 |
| 63b556a0afcf643337310254cc7f57c729188f36 | /home/woot/Desktop/MineGO/ | Oct 1st 2019 |
| 5821ff8eb9b23035a520e1fb836e43b1ec87ffaf | /home/woot/Desktop/MineGO/ | Oct 10th 2019 |

At its core, LiquorBot ..
