What is the issue - Researchers from AT&T Alien Labs spotted new malware dubbed ‘Xwo’ that is capable of scanning for default credentials and exposed web services.
Why it matters - This malware is related to two other malware families, namely MongoLock ransomware and XBash.
Worth noting - This malware does not include any ransomware or exploitation capabilities.
More details on the malware
What type of information is collected?
After scanning the network range provided by its C&C server, it starts collecting information from the available services such as,
“While Xwo steps away from a variety of malicious features observed the entity using, such as ransomware or exploits, the general use and potential it holds can be damaging for networks around the globe. Xwo is likely a new step to an advancing capability, and we expect the full value of this information collection tool to be acted on in the future,” researchers said.
What should you do?
“We are unable to assess what exactly the operators behind Xwo will use this information for, but based on links to MongoLock and XBash we expect it to be abused for further malicious activity in time,” researchers concluded.