Researchers warn of a new worm that’s infecting Linux servers by brute-forcing and stealing SSH credentials. The hijacked servers are joined in a botnet and are used to mine cryptocurrency by loading mining programs directly in memory with no files on disk.
Dubbed Panchan by researchers from Akamai, the malware is written in the Go programming language, which allows it to be platform independent. It first appeared in late March and has infected servers in all regions of the world since then, though Asia does seem to have a bigger concentration. The most impacted vertical seems to be education.
“This might be due to poor password hygiene, or it could be related to the malware’s unique lateral movement capability with stolen SSH keys,” the Akamai team said in a blog post. “Researchers in different academic institutions might collaborate more frequently, and require credentials to authenticate to machines that are outside of their organization/network, than employees in the business sector. To strengthen that hypothesis, we saw that some of the universities involved were from the same country — Spain, or others from the same region, like Taiwan and Hong Kong.”
More Stories
Kryptina Ransomware Resurfaces in Enterprise Attacks By Mallox
Kryptina, a free Ransomware-as-a-Service tool available on dark web forums, is now being used by Mallox ransomware affiliates Read More
Hacking the “Bike Angels” System for Moving Bikeshares
I always like a good hack. And this story delivers. Basically, the New York City bikeshare program has a system...
Vulnerabilities Found in Popular Houzez Theme and Plugin
The flaws are dangerous as the Houzez theme and Login Register plugin could allow privilege escalation by unauthenticated users Read...
Russian Cyber-Attacks Home in on Ukraine’s Military Infrastructure
An overall rise in cyber incidents coming from Russian-aligned adversaries in 2024 was accompanied by a decrease in high and...
Quantum Computing and Cybersecurity – Preparing for a New Age of Threats
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of...
LinkedIn Pauses GenAI Training Following ICO Concerns
The Information Commissioner’s Office says it’s pleased that LinkedIn has temporarily suspended its generative AI model training Read More