Cryptominer malware attacking Windows and Linux machines

A new variant of the cryptominer malware ‘Golang’ is targeting Windows and Linux machines, according to researchers at Barracuda Networks, a provider of cloud-enabled security solutions.

Instead of targeting end users, this new malware attacks servers, targeting web application frameworks, application servers, and non-HTTP services such as Redis and MSSQL. Its main goal is to mine Monero cryptocurrency using a known miner, XMRig. The malware spreads as a worm, searching for and infecting other vulnerable machines.

Barracuda researchers also revealed that, once the malware infects a machine, it downloads a number of dangerous files, which are customised based upon the platform being attacked. The attacks follow the same playbook, though, including an initial payload, an update script, a miner, a watchdog, a scanner, and a config file for the cryptominer. For Windows machines, the malware also adds a backdoor user.

Fleming Shi, CTO at Barracuda Networks, commented: “The landscape of cyber crime is always adapting and changing, and it takes a vigilant and secure approach to IT to combat harmful malware and cyber scams.

“Defending against this new form of cyber crime starts with making sure you have a properly-configured web application firewall in place – this will protect machines against an abundance of malicious internet software, application and threats.

“Next, staying up to date on patches will ensure there are no exploitable vulnerabilities for a cybercriminal to capitalise on. And finally, monitoring systems for suspicious activity in a business environment will be extremely helpful in remediating any attacks as soon as they target your servers or end-users.”
