New worm turns Windows, Linux servers into Monero miners
A newly discovered and self-spreading Golang-based malware has been actively dropping XMRig cryptocurrency miners on Windows and Linux servers since early December.
The C2 server is used to host the bash or PowerShell dropper script, a Golang-based binary worm, and the XMRig miner deployed to surreptitiously mine for untraceable Monero cryptocurrency on infected devices.
The worm spreads to other computers by scanning for and brute-forcing MySQL, Tomcat, and Jenkins services using password spraying and a list of hardcoded credentials.
Older versions of the worm were also seen trying to exploit the CVE-2020-14882 Oracle WebLogic remote code execution vulnerability.
To defend against brute-force attacks launched by this new multi-platform worm, you should limit logins and use hard-to-guess passwords on all Internet-exposed services, as well as two-factor authentication whenever possible.
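One way to check server logs for the credential guessing described above, as an added example that is not part of the original article: it flags sources whose failed logins hit many accounts (spraying) or one account many times (brute force) within a sliding window. The log line shape (modelled on MySQL "Access denied" error-log notes), the thresholds, the function names and the sample lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape, modelled on MySQL error-log "Access denied" notes.
DENIED = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\S*\s.*"
    r"Access denied for user '(?P<user>[^']*)'@'(?P<src>[^']*)'"
)

def find_guessing_sources(lines, window=timedelta(minutes=5),
                          max_failures=10, max_users=4):
    """Return {source: reason} for sources that exceed either threshold
    inside the window. Lines must be in time order; thresholds are illustrative."""
    recent = defaultdict(deque)          # source -> deque of (timestamp, user)
    flagged = {}
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue                     # not a failed-login line
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        q = recent[m["src"]]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:     # evict failures older than the window
            q.popleft()
        if len({user for _, user in q}) >= max_users:
            flagged[m["src"]] = "spraying"            # many accounts, one source
        elif len(q) >= max_failures:
            flagged.setdefault(m["src"], "brute-force")  # one account hammered
    return flagged

def sample_log():
    """Constructed sample lines, not taken from a real server."""
    fmt = ("2020-12-30T10:{m:02d}:{s:02d}.000000Z 9 [Note] [MY-010926] [Server] "
           "Access denied for user '{u}'@'{ip}' (using password: YES)")
    users = ["root", "admin", "mysql", "test", "backup"]
    lines = [fmt.format(m=0, s=i, u=u, ip="203.0.113.7")
             for i, u in enumerate(users)]
    lines += [fmt.format(m=1, s=i * 4, u="root", ip="198.51.100.20")
              for i in range(12)]
    lines += [fmt.format(m=m, s=0, u="app", ip="192.0.2.15") for m in (2, 50)]
    lines.append("2020-12-30T10:59:00.000000Z 0 [System] ready for connections")
    return lines

if __name__ == "__main__":
    for source, reason in find_guessing_sources(sample_log()).items():
        print(source, reason)
```

The same windowed counting applies to Tomcat and Jenkins authentication logs once `DENIED` is replaced with a pattern for their failed-login lines.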
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-21 | CVE-2020-14882 | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 9.8 |