Golang malware infecting Windows, Linux servers with XMRig miner

A Golang-based malware has been active since last month, targeting both Linux and Windows servers.


Multi-platform malware is a bit more dangerous than other malware because it can infect several operating systems at the same time. A recent example is a Golang-based malware.


The malware has been actively installing the XMRig miner on both Windows and Linux servers since the start of December 2020 in order to mine cryptocurrencies.


These servers are targeted because they expose public-facing services, for example MySQL databases or Tomcat admin panels, combined with poor security practices.


Discovered by cybersecurity researchers at Intezer, the malware operates with the help of 3 main files that reside on a C2 server:


A script, either Bash or PowerShell, that drops the malware
A Golang-based binary worm
The XMRig miner itself

Because the first 2 (the Linux versions) were found to be undetected on virus analysis platforms like VirusTotal, the malware has evidently managed to evade security filters.



Explaining further how the malware operates, the researchers state in a blog post:



Upon execution, the worm checks if a process on the infected machine is listening on port 52013. The existence of a listener on this port functions as a mutex for the malware. If a socket for the port is already ..
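
A defender can check a Linux host for the listener described in the quote above. The following is an added example, not code from Intezer or from the original article: it parses /proc/net/tcp text for sockets in LISTEN state on port 52013. The sample table is constructed, the function names are illustrative, and only IPv4 is handled.

```python
import socket
import struct

MUTEX_PORT = 52013   # port named in the quoted description of the worm
TCP_LISTEN = "0A"    # kernel state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host).
# Row 2 is an ESTABLISHED outbound connection whose source port happens to be
# 52013, which lies in the default Linux ephemeral range; it must not match.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21001 1
   1: 0100007F:CB2D 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 48213 1
   2: 0A00020F:CB2D 0A000214:01BB 01 00000000:00000000 00:00000000 00000000  1001        0 48300 1
"""

def decode_ipv4(hex_addr):
    """/proc/net/tcp stores IPv4 addresses as little-endian hex."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))

def find_listeners(table_text, port=MUTEX_PORT):
    """Return (ip, port, uid, inode) for each LISTEN socket bound to `port`."""
    hits = []
    for line in table_text.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue                            # blank or malformed row
        addr_hex, port_hex = fields[1].split(":")
        if fields[3] != TCP_LISTEN or int(port_hex, 16) != port:
            continue
        hits.append((decode_ipv4(addr_hex), port, int(fields[7]), int(fields[9])))
    return hits

def scan_host(path="/proc/net/tcp"):
    """Run the same check against the live socket table of this host."""
    with open(path) as fh:
        return find_listeners(fh.read())

if __name__ == "__main__":
    for ip, port, uid, inode in find_listeners(SAMPLE):
        print(f"listener on {ip}:{port} uid={uid} socket inode={inode}")
```

A hit is a lead rather than a verdict: match the socket inode against the entries under /proc/<pid>/fd to identify the owning process before drawing conclusions.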
