Kinda goes without saying, but shore up your admin passwords or be borged by this brute-forcing botnet
2020-06-05 17:35

Known to Akamai researchers as Stealthworker, the infection preys on weak passwords, then uses a massive arsenal of malware to take over Windows and Linux servers running popular CMS, publishing, and hosting tools.

By breaking up the attempts among multiple machines, the attacker can avoid limits on the number of login attempts.

For WordPress, a modified version of the Alternate-Lite theme leads to downloaders that target the back end and look to take over the entire server via applications such as cPanel and WHM. The end result is a fully pwned Windows or Linux server at the command of the botnet owner.

Eventually the server is instructed to dial its command-and-control host, where it is given its instructions to join with other servers in attempting to brute-force the passwords of other machines.

In the process, we are told, all passwords collected from the pwned machine get added to the list of logins that the botnet attempts on other machines.
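
Because the attempts are split among many machines, a lockout keyed on source IP alone never trips. The sketch below is an added example, not part of the article or Akamai's research, and its log format, thresholds and addresses are constructed assumptions; it counts failures per target account across all sources alongside the usual per-IP counter.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)
PER_IP_LIMIT = 5        # classic lockout: failures tolerated per source IP
PER_ACCOUNT_LIMIT = 10  # failures tolerated per target account, any source
MIN_SOURCES = 5         # distinct IPs that make a burst "distributed"

def parse(line):
    # Constructed format: "<ISO time> <OK|FAIL> user=<name> src=<ip>"
    ts, result, user, src = line.split()
    return datetime.fromisoformat(ts), result, user.split("=", 1)[1], src.split("=", 1)[1]

def detect(lines):
    """Return (ips_over_limit, accounts_under_distributed_guessing)."""
    by_ip, by_user = defaultdict(deque), defaultdict(deque)
    bad_ips, bad_users = set(), set()
    for ts, result, user, src in map(parse, lines):  # lines must be time-ordered
        if result != "FAIL":
            continue
        for key, table in ((src, by_ip), (user, by_user)):
            q = table[key]
            q.append((ts, src))
            while q and ts - q[0][0] > WINDOW:  # slide the window forward
                q.popleft()
        if len(by_ip[src]) > PER_IP_LIMIT:
            bad_ips.add(src)
        q = by_user[user]
        if len(q) > PER_ACCOUNT_LIMIT and len({ip for _, ip in q}) >= MIN_SOURCES:
            bad_users.add(user)
    return bad_ips, bad_users

def sample_log():
    # Constructed data: 12 bots (documentation range 203.0.113.0/24) each try
    # "admin" twice within two minutes; one real user mistypes three times.
    lines = []
    for i in range(24):
        t = datetime(2020, 6, 5, 10, 0, 0) + timedelta(seconds=5 * i)
        lines.append(f"{t.isoformat()} FAIL user=admin src=203.0.113.{10 + i % 12}")
    for i in range(3):
        t = datetime(2020, 6, 5, 10, 0, 30 + i)
        lines.append(f"{t.isoformat()} FAIL user=alice src=198.51.100.7")
    lines.append("2020-06-05T10:00:40 OK user=alice src=198.51.100.7")
    return sorted(lines)  # ISO timestamps sort chronologically

if __name__ == "__main__":
    ips, users = detect(sample_log())
    print("per-IP limit tripped by:", ips or "nobody", "| accounts flagged:", users)
```

On the constructed log no single address exceeds the per-IP limit, yet the `admin` account is flagged because its failures arrive from many sources inside one window.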


News URL

https://go.theregister.com/feed/www.theregister.com/2020/06/05/stealthworker_akamai_botnet/