Xbash: the Four-Headed Dragon of Malware Set Against Windows and Linux

How does a self-spreading malware with cryptomining and ransomware capabilities sound to you? Entirely hypothetical? Not at all. This new malware strain exists and is a real threat not only to Windows servers but also to Linux. It is dubbed Xbash.

More specifically, the new malware strain combines characteristics of four malware categories – ransomware, botnet, worm, and cryptominer. According to researchers from Palo Alto Networks’ Unit 42, Xbash’s ransomware and botnet capabilities are aimed at Linux systems, where the malware is instructed to delete databases. On Windows, Xbash is used for cryptomining and self-propagation, leveraging known security vulnerabilities in Hadoop, Redis, and ActiveMQ services.

Who Is Behind the New Xbash Malware?

Apparently, this latest malware strain is authored by a well-known criminal collective known as Iron, also referred to as Rocke. The group has been quite active during the past couple of years.

These cybercriminals have been known for carrying out massive ransomware and cryptomining campaigns. Cisco Talos researchers even named the hacking collective “the champion of Monero miners”. There are clues that suggest the group is based in China, but this hasn’t been confirmed. The group was detected delivering ransomware in 2017 and 2018, and later – cryptocurrency miners.

Now, the Iron group has a new malware strain on its hands which combines all previously deployed malicious scenarios. The result is a monstrous piece of malware with a botnet-like structure and ransomware and cryptomining capabilities. On top of that, the group is currently working on a worm-like feature for self-propagation, researchers say.

Technical Overview of Xbash Malware

According to Palo Alto’s technical analysis, the malware is developed in Python and was later packaged into self-contained Linux ELF executables using the legitimate tool PyInstaller for delivery purposes.

Xbash is also targeting IP addresses and (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Milena Dimitrova. Read the original post at: https://sensorstechforum.com/xbash-malware-targets-windows-linux/