The Hacker News - Cybersecurity News and Analysis: Golang

New Golang-based Linux Malware Targeting eCommerce Websites

November 22, 2021 - Ravie Lakshmanan
Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that's capable of stealing payment information from compromised websites. "The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms," researchers from Sansec Threat Research said in an analysis. "After a day and a half, the attacker found a file upload vulnerability in one of the store's plugins." The name of the affected vendor was not revealed. The initial foothold was then leveraged to upload a malicious web shell and alter the server code to siphon customer data. Additionally, the attacker delivered a Golang-based malware called "linux_avp" that serves as a backdoor to execute commands remotely sent from a command-and-control server hosted in Beijing. Upon execution, the program is designed to remove itself from the disk and camouflage as a "ps -ef
Researchers Warn of Linux Cryptojacking Attackers Operating from Romania

July 19, 2021 - Ravie Lakshmanan
A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed "Diicot brute," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to facilitate the intrusions, Bitdefender researchers said in a report published last week. While the goal of the campaign is to deploy Monero mining malware by remotely compromising the devices via brute-force attacks, the researchers connected the gang to at least two DDoS botnets, including a Demonbot variant called chernobyl and a Perl IRC bot, with the XMRig mining payload hosted on a domain named mexalz[.]us since February 2021. The Romanian cybersecurity technology company said it began its investigation into the group's hostile online activities in May 2021, leading