Security News > 2024 > March > Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware
Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts.
According to the researchers, the hackers deploy a set of four novel Golang payloads that are responsible for identifying and exploiting hosts running services for Hadoop YARN, Docker, Confluence, and Redis.
Another Golang payload discovered is called "Fkoths" and its task is to remove traces of the initial access by deleting Docker images from the Ubuntu or Alpine repositories.
While most of the payloads in the campaign are widely flagged as malicious by antivirus engines on the Virus Total scanning platform, the four Golang binaries for discovering target services are virtually undetected.
New Migo malware disables protection features on Redis servers.
Hackers start exploiting critical Atlassian Confluence RCE flaw.
News URL
Related news
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)
- New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)