Golang Worm Widens Scope to Windows, Adds Payload Capacity

published 25.06.2020 16:30

by Tara Seals from threatpost.com

They added, “While the volume is still low because the variant is so new, Barracuda researchers have seen only seven source IP addresses linked to this malware variant so far, and they are all based in China.”

“This new malware variant attacks web application frameworks, application servers and non-HTTP services such as Redis and MSSQL,” explained the researchers.

The malware itself was first uncovered about a year ago, and is a loader that spreads as a worm, searching for and infecting other vulnerable machines.

A new version of a known malware campaign aimed at installing cryptominers has changed up its tactics, adding attacks on Windows servers and a new pool of exploits to its bag of tricks.

“Although the malware includes components which constantly check for updates and help persist the attack, the installed backdoor user grants another level of control to the operators,” Erez Turjeman, senior software engineer and a security researcher for Barracuda Labs, told Threatpost.