New malware campaign distributes StealthWorker malware to compromise multiple platforms
- March 7, 2019
- Malware and Vulnerabilities
- The StealthWorker malware, also known as GoBrut, is brute-force malware written in the Go language.
- In this new campaign, attackers are using a brute-force-only approach that targets vulnerable hosts with weak credentials.
What is the issue - Researchers from FortiGuard Labs recently observed a new campaign that distributes the StealthWorker malware on Windows and Linux systems.
The StealthWorker malware, also known as GoBrut, is brute-force malware written in the Go language.
Worth noting - Apart from the wider capabilities, the new version of StealthWorker has the capability to compromise multiple platforms. The malware is also capable of updating itself.
The big picture
In this new campaign, attackers are using a brute-force-only approach that targets vulnerable hosts with weak credentials.
After successfully compromising a target machine, the brute-force malware creates scheduled tasks on both Windows and Linux to gain persistence: on Windows it copies itself into the Startup folder, and on Linux it copies itself to the /tmp folder and sets up a crontab entry.
- Once the targeted machine is transformed into a botnet zombie, StealthWorker tells its C&C server that it is ready to function as a worker and accept tasks.
- After being assigned as a worker, the malware receives the tasks from the C&C server.
- After receiving the list of hosts and credentials from the C&C server, the worker’s task is to log in to the targeted host.
- Once the login is successful, the malware will report the used host and credentials to the C&C server as ‘saveGood’.
Brute force attacks
Researchers noted that while brute force attacks are a common practice of attackers, using a botnet's zombies as part of a large distributed campaign is something new.
Attackers primarily use the StealthWorker malware to check which services are running on a targeted server and to brute-force different services.
“Additionally, a distributed brute force attack coming from different source IP addresses can effectively bypass anti-brute force solutions, which are usually based on a threshold (e.g., if x failed requests coming from the source, then block the connection for xx minutes),” researchers wrote in a blog.
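The gap the researchers describe can be seen by running a per-source threshold next to a rule that counts distinct failing sources per targeted account. This is an added example, not code from the article or from FortiGuard Labs; the event tuples, thresholds and function names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events: (epoch_seconds, source_ip, username, success).
# 30 bots (TEST-NET addresses) each try "admin" twice; one user mistypes once.
EVENTS = [(1000 + i * 4 + j, f"203.0.113.{i + 1}", "admin", False)
          for i in range(30) for j in range(2)]
EVENTS.append((1050, "198.51.100.7", "alice", False))
EVENTS.sort()

def per_source_blocks(events, limit=5, window=600):
    """Threshold rule from the quote: block a source after `limit` failures in `window` s."""
    recent, blocked = defaultdict(deque), set()
    for ts, src, _user, ok in events:
        if ok:
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= limit:
            blocked.add(src)
    return blocked

def distributed_targets(events, min_sources=10, window=600):
    """Flag accounts whose failures in `window` s come from >= `min_sources` distinct IPs."""
    recent, flagged = defaultdict(deque), {}
    for ts, src, user, ok in events:
        if ok:
            continue
        q = recent[user]
        q.append((ts, src))
        while q and ts - q[0][0] > window:
            q.popleft()
        sources = {s for _, s in q}
        if len(sources) >= min_sources:
            flagged[user] = max(flagged.get(user, 0), len(sources))
    return flagged

if __name__ == "__main__":
    print("per-source blocks:", per_source_blocks(EVENTS))
    print("accounts under distributed attack:", distributed_targets(EVENTS))
```

On the constructed data no single source reaches the per-source limit, while the per-account rule flags `admin` with 30 distinct failing sources and ignores the single mistyped login.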