Though the number of threats detected is still fairly low, the researchers managed to identify seven IP addresses linked to the new variant. Further analysis revealed that the IP addresses were based in China. This could mean that the attacks originated from China, or that the attack was routed through Chinese servers to mask the actual source of the attack. That is a common practice among hacker groups.
According to Barracuda Networks, the Golang malware targets both Windows and Linux systems by attacking web application frameworks, application servers, and non-HTTP services such as Redis and MSSQL, instead of going after end users.
Some of the exploits used by the operators behind Golang were found to be targeting the ThinkPHP web application framework, which is popular in China. An exploit is a program that finds and takes advantage of a security flaw in an application or system.
After infiltrating the system, the Golang malware downloads several files, such as an init/update script, a miner, a watchdog, a scanner, and a config file for the cryptominer. The files downloaded differ depending on the operating system of the machine. For instance, on Windows PCs the malware also adds a backdoor. Once the files are downloaded, the malware starts mining the Monero cryptocurrency using XMRig, a known miner program.
“Malicious actors are once again turning to Golang as a malware language since it isn’t commonly tracked by antivirus software. As it targets vulnerable servers, it’s still a top threat vector that cybercriminals look to exploit. However, we can protect organisations against this malware by monitoring the endpoints for suspicious activity as well as the surge in CPU usage, which is associated with most cryptominers,” Fleming Shi, CTO at Barracuda Networks, said in a statement.
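The CPU-usage signal Shi describes can be turned into a simple endpoint heuristic. The following Python is an added example, not code from the article or from Barracuda: it takes a series of per-process CPU samples (the sample layout, the constructed process rows, the pool hostname and the thresholds are all assumptions) and flags any process whose CPU stays above a threshold for several consecutive samples, raising the severity when the process name or command line carries a marker of the miner the article names, XMRig.

```python
"""Sustained-CPU cryptominer heuristic over endpoint process samples.

Added example (not from the article or Barracuda). Assumes an agent that
emits one row per (timestamp, pid) with the process name, command line and
CPU percentage; the rows below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcSample:
    ts: int          # seconds since epoch (constructed values below)
    pid: int
    name: str
    cmdline: str
    cpu_pct: float   # percent of one core over the sampling interval


# Indicators of the miner the article mentions (XMRig mining Monero).
MINER_MARKERS = ("xmrig", "monero")


def classify(samples, cpu_threshold=80.0, min_consecutive=3):
    """Return {pid: (name, severity)} for processes that look like miners.

    severity "high":   sustained CPU and a miner marker in name/cmdline
    severity "medium": sustained CPU only (worth triage, may be a legitimate job)
    """
    by_pid = defaultdict(list)
    for s in samples:
        by_pid[s.pid].append(s)

    findings = {}
    for pid, rows in by_pid.items():
        rows.sort(key=lambda r: r.ts)
        # Longest run of consecutive samples at or above the threshold.
        streak = best = 0
        for r in rows:
            streak = streak + 1 if r.cpu_pct >= cpu_threshold else 0
            best = max(best, streak)
        if best < min_consecutive:
            continue  # short bursts (compilers, backups) are not reported
        last = rows[-1]
        text = f"{last.name} {last.cmdline}".lower()
        marker_hit = any(m in text for m in MINER_MARKERS)
        findings[pid] = (last.name, "high" if marker_hit else "medium")
    return findings


# Constructed samples: one miner, one short build burst, one long legitimate
# transcode, and an idle daemon. Pool hostname is a placeholder (.invalid TLD).
CONSTRUCTED_SAMPLES = [
    ProcSample(0,   4242, "xmrig",  "xmrig -o pool.invalid:3333", 95.0),
    ProcSample(60,  4242, "xmrig",  "xmrig -o pool.invalid:3333", 97.0),
    ProcSample(120, 4242, "xmrig",  "xmrig -o pool.invalid:3333", 96.0),
    ProcSample(180, 4242, "xmrig",  "xmrig -o pool.invalid:3333", 98.0),
    ProcSample(0,   1337, "gcc",    "gcc -O2 main.c",             90.0),
    ProcSample(60,  1337, "gcc",    "gcc -O2 main.c",             92.0),
    ProcSample(120, 1337, "gcc",    "gcc -O2 main.c",              5.0),
    ProcSample(180, 1337, "gcc",    "gcc -O2 main.c",              3.0),
    ProcSample(0,   2001, "ffmpeg", "ffmpeg -i in.mp4 out.mkv",   85.0),
    ProcSample(60,  2001, "ffmpeg", "ffmpeg -i in.mp4 out.mkv",   88.0),
    ProcSample(120, 2001, "ffmpeg", "ffmpeg -i in.mp4 out.mkv",   91.0),
    ProcSample(180, 2001, "ffmpeg", "ffmpeg -i in.mp4 out.mkv",   87.0),
    ProcSample(0,   77,   "sshd",   "sshd -D",                     1.0),
    ProcSample(60,  77,   "sshd",   "sshd -D",                     1.0),
]


def demo():
    """Run the heuristic over the constructed samples."""
    return classify(CONSTRUCTED_SAMPLES)


if __name__ == "__main__":
    for pid, (name, severity) in sorted(demo().items()):
        print(f"pid={pid} name={name} severity={severity}")
```

The "medium" tier exists because sustained CPU alone is exactly the signal a long-running transcode or build also produces; the miner marker is what lifts a finding to "high", and in a real deployment the allowlist of known heavy processes and the thresholds would be tuned per host role.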
Barracuda advises that organisations should have a web application firewall in place and configure it properly, because the malware spreads by scanning the internet for vulnerable devices. Security patches and updates should also be kept at hand and applied as soon as any vulnerability is detected.