Home Resources Blog New Malware Combines Ransomware, Coin Mining and Botnet Features in One

New Malware Combines Ransomware, Coin Mining and Botnet Features in One

Dr. Eduardo Rocha, Senior Solutions Engineer & Security Analyst @ GlobalDots
21.09.2018
image 2 Min read

Windows and Linux users need to beware, as an all-in-one, destructive malware strain has been discovered in the wild that features multiple malware capabilities including ransomware, cryptocurrency miner, botnet, and self-propagating worm targeting Linux and Windows systems.

Dubbed XBash, the new malware, believed to be tied to the Iron Group, a.k.a. Rocke—the Chinese speaking APT threat actors group known for previous cyber attacks involving ransomware and cryptocurrency miners.

According to the researchers from security vendor Palo Alto Networks, who uncovered the malware, XBash is an all-in-one malware that features ransomware and cryptocurrency mining capabilities, as well as worm-like ability similar to WannaCry or Petya/NotPetya.

In addition to self-propagating capabilities, XBash also contains a functionality, which is not yet implemented, that could allow the malware to spread quickly within an organization’s network.

Developed in Python, XBash hunts for vulnerable or unprotected web services and deletes databases such as MySQL, PostgreSQL, and MongoDB running on Linux servers, as part of its ransomware capabilities.

Once find an open port, the malware uses a weak username and password dictionary attack to brute force itself into the vulnerable service, and once in, deletes all the databases and then displays the ransom note.

What’s worrisome is that the malware itself does not contain any functionality that would allow the recovery of the deleted databases once a ransom amount has been paid by the victims.

To date, XBash has infected at least 48 victims, who have already paid the ransom, making about $6,000 to date for cybercriminals behind the threat. However, researchers see no evidence that the paid payments have resulted in the recovery of data for the victims.

The malware also has capabilities to add targeted Linux-based systems in a botnet.

Image Source

Read more: The Hacker News

Learn More

What is FinOps? The Complete Guide
Cloud Cost Optimization
Nesh (Steven Puddephatt), Senior Solutions Engineer @ GlobalDots 31.05.23

While cloud-computing supports immense innovation – providing limitless resources in the pursuit of greater output and agility – public cloud end-user spending is projected to reach a staggering $600 billion this year. Hyperscale cloud vendors remain driving forces behind this growth, having proven their salt as highly strategic launchpads for digital transformation. The competition for […]

Read more
Cloud Cost Optimization: A Strategic Approach to Business Expansion
Cloud Cost Optimization
Francesco Altomare, Southern Europe Regional Manager @ GlobalDots 18.05.23

FinOps is a strategic framework designed to manage and optimize cloud costs effectively. It’s a transformative approach that brings financial accountability to the forefront of the variable spend model of cloud computing. This model allows businesses to gain a firm grip on their cloud expenses, ensuring that every dollar spent is accounted for and utilized […]

Read more
AWS Data Transfer Cost Optimization: Everything You Need to Know
Cloud Cost Optimization
Nesh (Steven Puddephatt), Senior Solutions Engineer @ GlobalDots 17.05.23

While AWS services provide a wealth of mission-critical services – storing over 2.2 trillion objects in S3 – many organizations are left floundering in the solution’s complex pricing structures. Spanning transfer types and geographies, data transfer costs can be hugely unpredictable and rapidly get out of hand.  Below, we leverage decades of industry experience to […]

Read more
Unlock Your Cloud Potential
Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.
Book a Demo