Cyber-security researchers have identified a new variant of cryptominer malware from China-based hackers that is targeting both Windows and Linux machines.
Called Golang, the new malware variant is aiming at mining Monero, an open-source cryptocurrency created in 2014, according to US-based cyber security firm Barracuda Networks.
While the volume is still low, researchers have spotted seven IP addresses linked to this new malware variant so far, all based out of China.
Researchers noticed that the ‘Golang’ malware focuses on attacking web application frameworks, application servers, and non-HTTP services such as Redis and MSSQL, instead of targeting the end-users.
“Malicious actors are once again turning to Golang as a malware language since it is not commonly tracked by antivirus software. As it targets vulnerable servers, it is still a top threat vector that cybercriminals look to exploit,” said Fleming Shi, CTO at Barracuda Networks.
Once the Golang malware infects a machine, it downloads the files based on the platform it is attacking. For Windows machines, the malware also adds a backdoor user.
Organisations need to have a web application firewall in place and properly configured as the new Golang malware spreads by scanning the internet for vulnerable machines.
Being aware of how this malware variant works can help organisations monitor their Windows and Linux servers for such type of malicious activity and take quick actions.
“We can defend organisations against this malware by monitoring the endpoints for suspicious activity as well as the surge in CPU usage, which is associated with most cryptominers,” said Shi.