XBash malware combines ransomware, coinminer, botnet, & worm features

A new malware strain has been discovered in the wild that combines features from four malware categories (ransomware, coinminers, botnets, and worms) to create a dangerous cocktail that has been wreaking havoc among Linux and Windows servers.

Named XBash, this new malware strain is the work of a well-known criminal group previously identified under the codenames of Iron [1, 2] and Rocke, and which has been extremely active in the past two years.

Iron has been tied to ransomware distribution campaigns, but also to a massive crypto-mining operation. Cisco Talos has called this group "the champion of Monero miners," and has hinted the group may be based in China.

Until now, the Iron group has focused on one operation at a time, using specific malware for specific tasks. It deployed ransomware in 2017 and early 2018, and then switched to spreading a cryptocurrency miner (coinminer) in 2018.

But Palo Alto Networks researchers say the group has now rolled out the new XBash malware strain that is a combination of all their previous tactics, rolling a botnet-like structure together with coinminer and ransomware functionality, all into one...

