New peer-to-peer botnet Panchan hijacks Linux servers

Read Time:1 Minute, 0 Second

Researchers warn of a new worm that’s infecting Linux servers by brute-forcing and stealing SSH credentials. The hijacked servers are joined in a botnet and are used to mine cryptocurrency by loading mining programs directly in memory with no files on disk.

Dubbed Panchan by researchers from Akamai, the malware is written in the Go programming language, which allows it to be platform independent. It first appeared in late March and has infected servers in all regions of the world since then, though Asia does seem to have a bigger concentration. The most impacted vertical seems to be education.

“This might be due to poor password hygiene, or it could be related to the malware’s unique lateral movement capability with stolen SSH keys,” the Akamai team said in a blog post. “Researchers in different academic institutions might collaborate more frequently, and require credentials to authenticate to machines that are outside of their organization/network, than employees in the business sector. To strengthen that hypothesis, we saw that some of the universities involved were from the same country — Spain, or others from the same region, like Taiwan and Hong Kong.”

To read this article in full, please click here

The AI Fix #30: ChatGPT reveals the devastating truth about Santa (Merry Christmas!)

US and Japan Blame North Korea for $308m Crypto Heist

Spyware Maker NSO Group Found Liable for Hacking WhatsApp

Spyware Maker NSO Group Liable for WhatsApp User Hacks

Major Biometric Data Farming Operation Uncovered

Ransomware Attack Exposes Data of 5.6 Million Ascension Patients

Critical Vulnerabilities Found in WordPress Plugins WPLMS and VibeBP

Criminal Complaint against LockBit Ransomware Writer

Cryptomining Malware Found in Popular Open Source Packages