New worm turns Windows, Linux servers into Monero miners

2020-12-30 09:40

A newly discovered and self-spreading Golang-based malware has been actively dropping XMRig cryptocurrency miners on Windows and Linux servers since early December.

The C2 server is used to host the bash or PowerShell dropper script, a Golang-based binary worm, and the XMRig miner deployed to surreptitiously mine for untraceable Monero cryptocurrency on infected devices.

The worm spreads to other computers by scanning for and brute-forcing MySql, Tomcat, and Jenkins services using password spraying and a list of hardcoded credentials.

Older versions of the worm were also seen trying to exploit the CVE-2020-14882 Oracle WebLogic remote code execution vulnerability.

To defend against brute force attacks launched by this new multi-platform worm you should limit logins and use hard to guess passwords on all Internet-exposed services, as well as two-factor authentication whenever possible.

News URL

https://www.bleepingcomputer.com/news/security/new-worm-turns-windows-linux-servers-into-monero-miners/

#linux #monero #server #windows #worm #CVE-2020-14882

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2020-10-21	CVE-2020-14882	Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). oracle	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Linux		11	65	3016	1800	67	4948

News URL

Related news

Related Vulnerability

Related vendor