They added, “While the volume is still low because the variant is so new, Barracuda researchers have seen only seven source IP addresses linked to this malware variant so far, and they are all based in China.”
“This new malware variant attacks web application frameworks, application servers and non-HTTP services such as Redis and MSSQL,” explained the researchers.
The malware itself was first uncovered about a year ago, and is a loader that spreads as a worm, searching and infecting other vulnerable machines.
A new version of a known malware campaign aimed at installing cryptominers has changed up its tactics, adding attacks on Windows servers and a new pool of exploits to its bag of tricks.
“Although the malware includes components which constantly check for updates and help persist the attack, the installed backdoor user grants another level of control to the operators,” Erez Turjeman, senior software engineer and a security researcher for Barracuda Labs, told Threatpost.