Researchers Found New Worm with Botnet, Ransomware, and Coinmining Abilities

[silversurfer]

Palo Alto Networks' Unit 42 research team discovered a new malware class capable of targeting Linux and Windows servers, combining coin-mining, botnet and ransomware capabilities in a self-spreading worm package.

As detailed by Unit 42, the new malware family named Xbash is tied to the Iron Group, a threat actor previously known to perform ransomware attacks, which apparently has moved on to more complex attack vectors.

Xbash has been observed to propagate between servers using a combination of exploitable vulnerabilities and weak password brute-forcing and, unlike other ransomware, comes with data destruction features enabled by default with no restoration functionality making file recovery virtually impossible.

Moreover, Xbash's botnet and ransomware components target Linux servers by exploiting unprotected and vulnerable yet unpatched services, immediately erasing MySQL, PostgreSQL, and MongoDB databases and asking for Bitcoin ransoms to (hypothetically) restore the data.

On the other hand, Xbash's coin-mining and self-propagation modules aim for breaching Windows systems using known vulnerabilities in unpatched Hadoop, Redis, and ActiveMQ databases.

Source: https://news.softpedia.com/news/research...2736.shtml