Saturday, September 7, 2024

StealthWorker Brute-force Malware Attack on Windows & Linux Platform Via Hacked E-commerce Websites


Researchers discovered a new brute-force malware called StealthWorker that attacks Windows and Linux platforms via compromised e-commerce websites to steal personal information and payment data.

This stealthy malware is written in Golang, a language rarely used by malware authors, although it has already been used to develop a Mirai botnet module.

In this case, the attackers first gain access to the target's backend and then compromise the e-commerce website by embedding a skimmer.


Threat actors achieve this access by exploiting vulnerabilities in the Content Management System (CMS) or in its plugins.

StealthWorker Malware Infection Process

Researchers initially analysed the command and control server (5.45.69[.]149), where they found a /storage directory hosting 5 samples intended to brute-force the open source admin tool phpMyAdmin.

Previous versions of this malware only targeted the Windows platform, but this new version also serves payload binaries to compromise Linux systems.

Researchers then analysed one of the samples, “PhpMyAdminBrut_Windows_x86.exe”, and found another IP address that leads to the same web panel login and to an open directory containing a variety of new samples.

These open directories contain new filenames indicating that IoT devices with ARM and MIPS architectures are also being targeted.

During execution, StealthWorker creates a scheduled task so that the malware persists even after the victim reboots the system.

In further analysis, researchers used an IDA Python script to locate the malicious functions used by this malware; the function names clearly indicate that it targets various platforms and services, including cPanel, MySQL, SSH, Joomla, FTP, etc.

According to Fortinet's research, “As we have seen in this new StealthWorker campaign, the malware developers have also taken further steps to increase their rate of success by also being able to infect a wider range of platforms.”
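Since the samples above brute-force phpMyAdmin logins, a defender's first signal is a burst of POST requests to the login page from one source. The following is an added detection example (not code from the article or from Fortinet) that parses constructed Apache-style access log lines and flags any IP that posts to a phpMyAdmin path more than a threshold number of times within a sliding one-minute window; the path prefixes and threshold are assumptions to tune for your deployment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (Apache combined format); not taken from the article.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2019:10:00:01 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 200 1532
203.0.113.7 - - [10/Mar/2019:10:00:02 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 200 1532
203.0.113.7 - - [10/Mar/2019:10:00:03 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 200 1532
203.0.113.7 - - [10/Mar/2019:10:00:04 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 200 1532
203.0.113.7 - - [10/Mar/2019:10:00:05 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 200 1532
203.0.113.7 - - [10/Mar/2019:10:00:06 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 200 1532
198.51.100.3 - - [10/Mar/2019:10:00:10 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 200 1532
198.51.100.3 - - [10/Mar/2019:10:00:11 +0000] "GET /index.php HTTP/1.1" 200 4021
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)')
# Assumed phpMyAdmin login path prefixes; adjust to where the tool is actually served.
LOGIN_PATHS = ("/phpmyadmin/", "/pma/")

def parse_line(line):
    """Return (ip, timestamp, method, path) or None for a line that does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"]

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Map source IP -> peak number of phpMyAdmin login POSTs seen within `window`,
    for IPs reaching `threshold`. Status codes are ignored on purpose: phpMyAdmin
    answers a failed login with the login page and HTTP 200, not a 401."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path = rec
        if method == "POST" and path.lower().startswith(LOGIN_PATHS):
            attempts[ip].append(ts)
    flagged = {}
    for ip, times in attempts.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged
```

Running `find_bruteforce(SAMPLE_LOG)` flags only 203.0.113.7 with six attempts; the single POST from 198.51.100.3 stays below the threshold.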


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
