Golang Worm Widens Scope to Windows, Adds Payload Capacity

2020-06-25 18:30

A new version of a known malware campaign aimed at installing cryptominers has changed up its tactics, adding attacks on Windows servers and a new pool of exploits to its bag of tricks.

"Although the language is about 10 years old, and is used by many legitimate programmers, there has not been as much activity with Golang malware," according to F5. That said, in April, another wormable Golang loader known as Kinsing was spotted dropping XMRig onto Docker instances.

Once the malware infects a machine, it downloads a set of files that are customized based on the platform it is attacking.

The scanner file meanwhile is the malware's worm propagation mechanism.

For Windows machines, the malware also adds a backdoor user, researchers found - essentially just adding another user to the system.

News URL

https://threatpost.com/worm-golang-malware-windows-payloads/156924/

#windows #worm

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Golang		13	1	43	88	11	143