Researchers discovered a new brute-force malware called StealthWorker that attack Windows & Linux platform via compromised E-commerce websites to steals personal information and payment data.
This Stealthy malware written in Golang language which is very rarely used by malware authors and this language already being used by Mirai botnet develop module.
In this case, E-commerce websites are being compromised by attackers using an embedded skimmer, before that they gain access to their target’s backend.
Threat actors achive this target by exploiting the vulnerabilities in the Content Management System (CMS) or abusing the plugin vulnerabilities.
Researchers initially analysing the command and control server (5.45.69[.]149) where they found the /storage directory hosting 5 samples that are intended to brute force the open source admin tool called PhPMyAdmin.
Previous version of this malware only targeted the windows platform but this new version also serves payload binaries to compromised the Linux platform.
Later researchers start analysing one of the sample “PhpMyAdminBrut_Windows_x86.exe” where they found another IP which leads to same web panel login and open directory with the variety of new samples.
These open directories are contains new filenames that indicate to targeting IoT devices with ARM and Mips architectures.
During the execution of StealthWorker malware creates a scheduled execution to make sure the malware stay persist even after victims reboot the system.
In Further analysis researchers use the IDA python script and find the malicious function that is used by this malware and the functions are clearly indicate that the malware targets the various platforms and services including cpanel, Mysql, SSH, Joomla. FTP Etc.
According to Fortinet research, “As we have seen in this new StealthWorker campaign, the malware developers have also taken further steps to increase their rate of success by also being able to infect a wider range of platforms.”
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.
Also Read:
Brutespray – Port Scanning and Automated Brute Force Tool
StegCracker – Brute-force Utility to Uncover Hidden Data Inside Files
Troldesh Ransomware Spreading Via Weaponized Word Document and RDP Brute-force Attack
The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…
White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…
Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…
The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…
Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…
WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…