Researchers warn that the newly found Xwo malware might lay the groundwork for far more harmful cyber attacks around the globe.
A new form of malware is scanning the internet for exposed web services and default passwords in what is thought to be a reconnaissance operation, one that may signal a bigger cyber attack is to come.
AT&T Alien Labs researchers first discovered the malware in March and named it Xwo after its primary module name. Because of similarities in the Python-based code, Xwo is thought to be related to two other forms of malicious software: MongoLock ransomware and Xbash, a malware that rolls ransomware, a coinminer, a botnet, and a worm into one.
But unlike MongoLock and Xbash, Xwo does not focus on ransomware, cryptocurrency mining or similar money-making activity: its focus is on scanning for credentials and exposed services.
The infrastructure behind Xwo is already linked with MongoLock and follows a pattern of registering domains that mimic the websites of cyber security companies and news sites, under the country-code top-level domain of Tokelau, a New Zealand territory in the South Pacific.
While it remains uncertain how Xwo spreads or gains its initial access, the malware is designed to carry out reconnaissance and send the information it gathers to its command-and-control server via an HTTP POST request.
Xwo collects information about the use of default access credentials in services such as FTP, MySQL, PostgreSQL, MongoDB, Redis or Memcached, and about misconfigurations in Tomcat, an open-source Java Servlet implementation.
The malware also collects information about SVN and Git paths, version content in the Git repository format, and PHP administration information. The bot is most likely surveying for weak spots that can be exploited further down the line in more harmful attacks.
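Defenders can look for this kind of sweep in their own web server access logs. The following Python is an added example, not code from Xwo or from the AT&T Alien Labs research; the probe paths are assumed common defaults for the categories named above, and the log lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Assumed probe paths: common defaults for the categories the article names,
# not a list taken from Xwo itself.
PROBE_PATTERNS = {
    "git": re.compile(r"^/(?:[^?]*/)?\.git/(?:config|HEAD)$", re.I),
    "svn": re.compile(r"^/(?:[^?]*/)?\.svn/(?:entries|wc\.db)$", re.I),
    "php-admin": re.compile(r"^/(?:phpmyadmin|pma)(?:/|$)", re.I),
    "tomcat": re.compile(r"^/manager/(?:html|status)(?:/|$)", re.I),
}
# Common/combined log format: ip - - [time] "METHOD path PROTO" status size
LOG_LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3})')

def classify(path):
    """Return the probe category for a request path, or None."""
    path = path.split("?", 1)[0]
    for category, pattern in PROBE_PATTERNS.items():
        if pattern.search(path):
            return category
    return None

def find_recon_sources(lines, min_categories=2):
    """Flag clients probing several unrelated admin/VCS paths, and list
    the probed paths this server answered with HTTP 200."""
    seen, answered = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        category = classify(path)
        if category is None:
            continue
        seen[ip].add(category)
        if status == 200:
            answered[ip].add(path.split("?", 1)[0])
    return {ip: {"categories": sorted(cats), "answered": sorted(answered[ip])}
            for ip, cats in seen.items() if len(cats) >= min_categories}

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Apr/2019:10:00:01 +0000] "GET /.git/config HTTP/1.1" 200 92',
    '198.51.100.7 - - [01/Apr/2019:10:00:01 +0000] "GET /.svn/entries HTTP/1.1" 404 153',
    '198.51.100.7 - - [01/Apr/2019:10:00:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153',
    '198.51.100.7 - - [01/Apr/2019:10:00:02 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '203.0.113.5 - - [01/Apr/2019:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.5 - - [01/Apr/2019:10:05:09 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 200 4100',
]
if __name__ == "__main__":
    for ip, hit in find_recon_sources(SAMPLE_LOG).items():
        print(ip, hit["categories"], "answered:", hit["answered"])
```

Any path listed under "answered" is content the server actually returned to the scanner, so it is the first thing to lock down or remove.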