Wed. Jul 15th, 2020


Researchers find new variant of Golang cryptominer with likely links to China


A new variant of the cryptominer malware Golang, with possible links to China, is being used to target Windows and Linux PCs, researchers at Barracuda Networks found.

Though the volume of the threats detected is still quite low, the researchers identified seven IP addresses linked to the new variant. Further research revealed the IP addresses were based out of China. This could mean that the attacks originated from China, or that they were routed through Chinese servers to mask their actual source, which is a typical practice among hacker groups.

According to Barracuda Networks, Golang malware targets both Windows and Linux systems by attacking web application frameworks, application servers, and non-HTTP services such as Redis and MSSQL, instead of going after the end users.

Some of the exploits used by the operators behind Golang were found to target the ThinkPHP web application framework, which is popular in China. An exploit is a program that finds and takes advantage of a security flaw in an application or system.

After infiltrating the system, the Golang malware downloads multiple files, such as an init/update script, a miner, a watchdog, a scanner, and a config file for the cryptominer. The files downloaded vary depending on the operating system on the device. For instance, on Windows PCs the malware also adds a backdoor. Once the files are downloaded, the malware starts mining the Monero cryptocurrency using XMRig, a known miner program.

“Malicious actors are once again turning to Golang as a malware language since it is not commonly tracked by antivirus software. As it targets vulnerable servers, it is still a top threat vector that cybercriminals look to exploit. However, we can defend organisations against this malware by monitoring the endpoints for suspicious activity as well as the surge in CPU usage, which is associated with most cryptominers,” Fleming Shi, CTO at Barracuda Networks, said in a statement.

Barracuda advises organizations to have a web application firewall in place and to configure it properly, as the malware spreads by scanning the internet for vulnerable devices. Security patches and updates should also be kept ready to apply if any vulnerability is detected.
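The CPU-surge monitoring mentioned in the statement above can be sketched as a check for sustained high usage rather than short bursts. This is an added example, not code from Barracuda or the original article; the telemetry, host names, process names and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed telemetry: (epoch_seconds, host, process, cpu_percent), one sample per 60 s.
# Host and process names are invented for this example.
SAMPLES = (
    [(60 * i, "web01", "php-fpm", c) for i, c in enumerate([12, 91, 88, 15, 10, 14, 11, 9])]
    + [(60 * i, "web01", "sysupdate", c) for i, c in enumerate([3, 96, 97, 95, 98, 97, 96, 97])]
    + [(60 * i, "db01", "redis-server", c) for i, c in enumerate([20, 25, 22, 24, 21, 23, 22, 20])]
)


def sustained_cpu(samples, threshold=85.0, min_run=5, max_gap=120):
    """Return (host, process, first_ts, last_ts, n) for every run of at least
    min_run consecutive samples at or above threshold.

    A gap longer than max_gap seconds between two samples ends the run, so
    missing telemetry is never counted as continuous load.
    """
    series = defaultdict(list)
    for ts, host, proc, cpu in samples:
        series[(host, proc)].append((ts, cpu))

    findings = []
    for (host, proc), points in sorted(series.items()):
        run, prev_ts = [], None
        # The trailing sentinel (below threshold) flushes a run that is still open.
        for ts, cpu in sorted(points) + [(None, -1.0)]:
            gap = ts is not None and prev_ts is not None and ts - prev_ts > max_gap
            if cpu < threshold or gap:
                if len(run) >= min_run:
                    findings.append((host, proc, run[0], run[-1], len(run)))
                run = []
            if cpu >= threshold:
                run.append(ts)
            prev_ts = ts
    return findings


if __name__ == "__main__":
    for host, proc, start, end, n in sustained_cpu(SAMPLES):
        print(f"{host}: {proc} at or above threshold for {n} samples ({start}s to {end}s)")
```

The short php-fpm burst is ignored while the process that plateaus near full CPU is reported; a flagged process is a lead for investigation, since legitimate batch jobs produce the same pattern.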
