A known malware campaign aimed at installing cryptominers has upgraded its tactics to now attack Windows systems.
What’s going on?
Facts about Golang-based malware
- Golang is a 10-year-old compiled programming language.
- Earlier in April, Kinsing – a wormable loader written in Golang – was found dropping XMRig onto Docker containers.
- For Windows machines, the malware adds a backdoor user account. In the case of Linux machines, an init/update script serves the purpose.
How to stay safe?
- Ensure your web application firewall is properly configured.
- Stay current on security updates and patches.
- Regularly monitor systems for suspicious activity.
The backdoor user account on Windows systems is used to deploy additional payloads on application servers, non-HTTP services, and web application frameworks.
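
One way to monitor for the Windows backdoor account described above, as an added example that is not from the original article: it correlates Windows Security event 4720 (user account created) with event 4732 (member added to a local group) to flag accounts created by an unapproved principal or promoted to local Administrators right after creation. The flattened JSON field layout, the sample events, the `approved_creators` allowlist and the 10-minute window are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta

ADMINS_SID = "S-1-5-32-544"  # well-known SID of the built-in local Administrators group
ACCOUNT_CREATED, ADDED_TO_LOCAL_GROUP = 4720, 4732  # Windows Security event IDs

# Constructed sample events (assumed flattened export, one JSON object per line).
SAMPLE = """\
{"EventID": 4720, "TimeCreated": "2020-01-01T02:14:05", "SubjectUserName": "helpdesk", "TargetUserName": "jsmith", "TargetSid": "S-1-5-21-1-2-3-1105"}
{"EventID": 4720, "TimeCreated": "2020-01-01T03:40:11", "SubjectUserName": "WEB01$", "TargetUserName": "svc_upd", "TargetSid": "S-1-5-21-1-2-3-1106"}
{"EventID": 4732, "TimeCreated": "2020-01-01T03:40:13", "SubjectUserName": "WEB01$", "MemberSid": "S-1-5-21-1-2-3-1106", "TargetSid": "S-1-5-32-544"}
{"EventID": 4732, "TimeCreated": "2020-01-03T09:00:00", "SubjectUserName": "helpdesk", "MemberSid": "S-1-5-21-1-2-3-1105", "TargetSid": "S-1-5-32-545"}
"""

def find_suspect_accounts(lines, approved_creators=("helpdesk",),
                          window=timedelta(minutes=10)):
    """Return (severity, account, reason) tuples for accounts created by an
    unapproved principal or added to local Administrators soon after creation."""
    created, findings = {}, []
    events = sorted((json.loads(l) for l in lines if l.strip()),
                    key=lambda e: e["TimeCreated"])
    for ev in events:
        when = datetime.fromisoformat(ev["TimeCreated"])
        if ev["EventID"] == ACCOUNT_CREATED:
            # Remember every new account by SID so later group changes can be tied to it.
            created[ev["TargetSid"]] = (when, ev["TargetUserName"])
            if ev["SubjectUserName"] not in approved_creators:
                findings.append(("medium", ev["TargetUserName"],
                                 "created by " + ev["SubjectUserName"]))
        elif ev["EventID"] == ADDED_TO_LOCAL_GROUP and ev["TargetSid"] == ADMINS_SID:
            hit = created.get(ev["MemberSid"])
            if hit and when - hit[0] <= window:
                delay = int((when - hit[0]).total_seconds())
                findings.append(("high", hit[1],
                                 "added to Administrators %ds after creation" % delay))
    return findings

if __name__ == "__main__":
    for severity, account, reason in find_suspect_accounts(SAMPLE.splitlines()):
        print(severity, account, reason)
```

Account creation driven by a web or application server's own machine account, followed within seconds by promotion to Administrators, is the pattern worth alerting on; routine helpdesk provisioning in the sample produces no finding.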