Security News > 2021 > August > Golang Cryptomining Worm Offers 15% Speed Boost

Golang Cryptomining Worm Offers 15% Speed Boost
2021-08-06 20:41

A freshly discovered variant of the Golang crypto-worm was recently spotted dropping Monero-mining malware on victim machines; in a switch-up of tactics, the payload binaries are capable of speeding up the mining process by 15 percent, researchers said.

According to research from Uptycs, the worm scans for and exploits various known vulnerabilities in popular Unix and Linux-based web servers, including CVE-2020-14882 in the Oracle WebLogic Server, and CVE-2017-11610, a remote code-execution bug which affects XML-RPC servers.

The attack begins with a shell script which downloads the worm using the curl utility, researchers noted, adding that the script uses several defense-evasion techniques like firewall altering and disabling monitoring agents.

Once installed, the worm downloads another shell script which downloads a copy of the same Golang worm.

"According to the documentation of XMRig, disabling the hardware prefetcher increases the speed up to 15 percent," researchers said.

In all, the Uptycs team identified seven similar samples of the Golang wormed cryptominer, starting in June.


News URL

https://threatpost.com/golang-cryptomining-worm-speed-boost/168456/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-10-21 CVE-2020-14882 Unspecified vulnerability in Oracle Weblogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).
network
low complexity
oracle
critical
9.8
2017-08-23 CVE-2017-11610 Incorrect Default Permissions vulnerability in multiple products
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
network
low complexity
supervisord fedoraproject debian redhat CWE-276
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Golang 13 1 36 91 16 144