Bleeping Computer
A newly discovered and self-spreading Golang-based malware has been actively dropping XMRig cryptocurrency miners on Windows and Linux servers since early December.
This multi-platform malware also has worm capabilities that allow it to spread to other systems by brute-forcing public-facing services (i.e., MySQL, Tomcat, Jenkins and WebLogic) with weak passwords as revealed by Intezer security researcher Avigayil Mechtinger.
The attackers behind this campaign have been actively updating the worm’s capabilities through its command-and-control (C2) server since it was first spotted which hints at an actively maintained malware.
The C2 server is used to host the bash or PowerShell dropper script (depending on the targeted platform), a Golang-based binary worm, and the XMRig miner deployed to surreptitiously mine for untraceable Monero cryptocurrency on infected devices.