Linux Trojan Written In Go Mines For Cryptocurrencies

A Linux Trojan written entirely in Googles ‘Go’ programming language is infecting computers and installing programs that mine for cryptocurrencies.

The malware, known as ‘Linux.Lady.1’ consists entirely of libraries published on the GitHub repository and although researchers at Russian cybersecurity firm Doctor Web said they had encountered Go Trojans before, it was not common to find them in the wild.

Linux Torjan

Once it launches, the Trojan sends the Linux version running on the infected system, the OS family, CPU, names and processes to a command and control server.

It then receives a configuration file that downloads the cryptocurrency mining application and a special website that can be used to determine the external IP of the system.

This is used to infect other machines on the network and to generate income by mining the ‘Moreno’ currency, which is then sent to a digital wallet.

The exploit makes use of misconfigured REmote DIctionary Server (Redis) NoSQL servers which do not have passwords or other security mechanisms enabled by default. This allows the malware to spread.

This is because the open source project, previously backed by the likes of VMware and Pivotal, prioritises performance and so end users must enable such features for protection.

According to a Risk Based Security report, as many as 30,239 Redis servers are found on search engine Shodan and 6,338 installations are compromised, dating back to version 1.2. The current stable release is 3.2.1, meaning significant numbers are vulnerable for exploitation.

Quiz: What do you know about Linux?

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 hours ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

4 hours ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

19 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

21 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

23 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

23 hours ago