Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers
2022-06-15 20:12

A new Golang-based peer-to-peer botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022.

Dubbed Panchan by Akamai Security Research, the malware "utilizes its built-in concurrency features to maximize spreadability and execute malware modules" and "harvests SSH keys to perform lateral movement."

The cybersecurity and cloud service company noted it first spotted Panchan's activity on March 19, 2022, and attributed the malware to a likely Japanese threat actor based on the language used in the administrative panel baked into the binary to edit the mining configuration.

Panchan is known to deploy and execute two miners, XMRig and nbhash, on the host during runtime. The novelty is that the miners are never extracted to disk, which avoids leaving a forensic trail.

"To avoid detection and reduce traceability, the malware drops its cryptominers as memory-mapped files, without any disk presence," the researchers said.
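Payloads that never touch disk still have to be mapped executable in a live process, so one check a defender can run is to look for executable mappings in /proc/<pid>/maps that have no file behind them. The following is an added example, not code from the article or from Akamai's research; it assumes such payloads appear as memfd-backed or deleted-file mappings, and the sample maps text and function names are constructed for illustration.

```python
import os
import re

# /proc/<pid>/maps line: address perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(?P<perms>\S{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(?P<path>.*)$"
)
# Constructed sample; addresses, inodes and names are made up for illustration.
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/dbus-daemon
7f1c2a000000-7f1c2a5d1000 r-xp 00000000 00:01 4182 /memfd:x (deleted)
7f1c2b000000-7f1c2b021000 rw-p 00000000 00:01 4183 /memfd:pulseaudio (deleted)
7f1c2c000000-7f1c2c1a0000 r-xp 00000000 08:02 99812 /tmp/.cache/upd (deleted)
7f1c2d000000-7f1c2d002000 rw-p 00000000 00:00 0
7ffd3b1e0000-7ffd3b201000 rw-p 00000000 00:00 0 [stack]
"""

def fileless_exec_mappings(maps_text):
    """Return (reason, path) for executable mappings with no file on disk."""
    hits = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m or "x" not in m["perms"]:
            continue  # unparsable line, or data-only mapping (shared memory etc.)
        path = m["path"]
        if path.startswith("/memfd:"):  # anonymous in-memory file, mapped executable
            hits.append(("memfd", path))
        elif path.endswith(" (deleted)"):  # binary unlinked after it was mapped
            hits.append(("deleted", path))
    return hits

def scan_proc(proc_root="/proc"):
    """Map pid -> findings for every process whose maps file is readable."""
    findings = {}
    entries = os.listdir(proc_root) if os.path.isdir(proc_root) else []
    for entry in entries:
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                hits = fileless_exec_mappings(fh.read())
        except OSError:  # process exited mid-scan, or access denied
            continue
        if hits:
            findings[int(entry)] = hits
    return findings

if __name__ == "__main__":
    print(scan_proc())
```

Run it as root to cover every process. A hit is a lead to triage rather than a verdict, since a legitimate binary replaced by a package upgrade while still running also shows as a deleted mapping.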

An interesting clue as to the malware's origins is the result of an OPSEC failure on the part of the threat actor, revealing the link to a Discord server that's displayed in the "Godmode" admin panel.


News URL

https://thehackernews.com/2022/06/panchan-new-golang-based-peer-to-peer.html

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Linux | | 11 | 64 | 2337 | 1502 | 67 | 3970 |