Researchers Found New Worm with Botnet, Ransomware, and Coinmining Abilities



A new malware class has been discovered by Palo Alto Networks' Unit 42 research team, capable of targeting Windows and Linux servers and combining coinmining, botnet and ransomware capabilities in a self-spreading worm package.

As detailed by Unit 42, the new malware family named Xbash is tied to the Iron Group, a threat actor previously known to perform ransomware attacks, which apparently has moved on to more complex attack vectors.

Xbash has been observed to propagate between servers using a combination of exploitable vulnerabilities and weak password brute-forcing and, unlike other ransomware, comes with data destruction features enabled by default with no restoration functionality making file recovery virtually impossible.

Moreover, Xbash's botnet and ransomware components target Linux servers by exploiting unprotected and vulnerable yet unpatched services, immediately erasing MySQL, PostgreSQL, and MongoDB databases and asking.

No comments:

Post a Comment