
New worm turns Windows, Linux servers into Monero miners
2020-12-30 09:40

A newly discovered and self-spreading Golang-based malware has been actively dropping XMRig cryptocurrency miners on Windows and Linux servers since early December.

The C2 server is used to host the bash or PowerShell dropper script, a Golang-based binary worm, and the XMRig miner deployed to surreptitiously mine for untraceable Monero cryptocurrency on infected devices.

The worm spreads to other computers by scanning for and brute-forcing MySQL, Tomcat, and Jenkins services using password spraying and a list of hardcoded credentials.

Older versions of the worm were also seen trying to exploit the CVE-2020-14882 Oracle WebLogic remote code execution vulnerability.

To defend against brute-force attacks launched by this new multi-platform worm, you should limit logins and use hard-to-guess passwords on all Internet-exposed services, as well as two-factor authentication whenever possible.
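A defender-side check for the Tomcat brute-forcing described above, added here as an illustration and not taken from the original report: it scans access-log lines for bursts of HTTP 401 responses on the Tomcat admin applications from a single source. It assumes Tomcat's "common" access-log pattern and chronologically ordered lines; the threshold, window, and sample log are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$')
GUARDED = ("/manager/", "/host-manager/")  # Tomcat admin apps behind HTTP auth

def find_bruteforce_sources(lines, threshold=5, window=timedelta(seconds=60)):
    """Map each source IP to its peak number of 401s on guarded paths seen
    inside one sliding window, for IPs that reach the threshold."""
    recent = defaultdict(deque)   # ip -> timestamps of recent 401s
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["status"] != "401" or not m["path"].startswith(GUARDED):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:          # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

# Constructed sample log (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
198.51.100.20 - - [30/Dec/2020:09:39:58 +0000] "GET /manager/html HTTP/1.1" 401 2473
198.51.100.20 - admin [30/Dec/2020:09:40:03 +0000] "GET /manager/html HTTP/1.1" 200 14912
203.0.113.7 - - [30/Dec/2020:09:40:10 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - - [30/Dec/2020:09:40:11 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - - [30/Dec/2020:09:40:12 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - - [30/Dec/2020:09:40:13 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - - [30/Dec/2020:09:40:14 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - - [30/Dec/2020:09:40:15 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.44 - - [30/Dec/2020:09:41:00 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.44 - - [30/Dec/2020:09:44:00 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.44 - - [30/Dec/2020:09:47:00 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.44 - - [30/Dec/2020:09:50:00 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.44 - - [30/Dec/2020:09:53:00 +0000] "GET /manager/html HTTP/1.1" 401 2473
""".splitlines()

if __name__ == "__main__":
    for ip, peak in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"{ip}: {peak} failed logins within 60s")
```

With the default 60-second window the slow source 192.0.2.44 is not flagged; a longer window catches it, at the cost of more noise from legitimate retries. MySQL and Jenkins record failed logins in their own logs and need separate parsers.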


News URL

https://www.bleepingcomputer.com/news/security/new-worm-turns-windows-linux-servers-into-monero-miners/

Related Vulnerability

DATE: 2020-10-21
CVE: CVE-2020-14882
VULNERABILITY TITLE: Unspecified vulnerability in Oracle Weblogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).
network, low complexity, oracle
RISK: critical, 9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2337 1501 67 3969