Si Cyber Intel: StealthWorker Malware Uses Compromised Windows And Linux Computers To Deliver A Series Of Brute Force Attacks
Researchers have discovered a new malware family dubbed 'StealthWorker' (also reported under the name 'GoDub'). Written in Go and built to run on both Windows and Linux, it turns each compromised machine into a 'worker' that brute-forces login credentials on other hosts, so every new infection adds capacity to a distributed brute force campaign rather than serving as an end target in itself.
Researchers have identified two groups of functions in StealthWorker: the '_check_' functions, which probe a target to confirm that a given service is present and reachable (that is, that the host is a suitable victim), and the '_brut_' functions, which then run the brute force login attempts against that service.
Researchers at FortiGuard Labs have also linked StealthWorker to a number of compromised Magento-powered e-commerce websites, into which attackers embedded card skimmers to harvest payment card details and other personal information from shoppers.
FortiGuard also reported that the malware targets the administrative interfaces of cPanel hosting control panels, Magento and phpMyAdmin. The weakness it exploits in all of them is poor credential hygiene rather than a software flaw: it first tries to log in with a short list of common or default credentials and, if that fails, falls back to the brute force function to gain access.
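Because the attacks come from many compromised workers rather than one scanner, a per-source-IP threshold alone will miss them. The script below, added here as an illustration and not code from FortiGuard or from the malware, shows both views over a constructed web server access log: the classic single-source burst, and the aggregate pressure on a login panel across many source IPs. The login paths (`/admin/`, `/phpmyadmin/index.php`, `/login/`), the 'HTTP 401/403 means a failed login' convention and the combined log format are assumptions for the example; real deployments differ (many applications re-render the form with a 200 on failure).

```python
"""Detect brute-force login activity against web admin panels.

Added example for the StealthWorker write-up; not code from the malware
or from FortiGuard. The access log at the bottom is constructed, not a
real capture.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Login endpoints of the panels the article names as targets. The exact
# paths and the "401/403 = failed login" convention are assumptions.
LOGIN_PATHS = {
    "/admin/": "Magento admin",
    "/phpmyadmin/index.php": "phpMyAdmin",
    "/login/": "cPanel",
}
FAILED_STATUSES = {"401", "403"}

# Apache/nginx "combined" log format prefix: ip ident user [ts] "req" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) \d+'
)


def parse_failed_logins(lines):
    """Return [(ip, panel, timestamp)] for every failed POST to a login path."""
    failures = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        panel = LOGIN_PATHS.get(m["path"])
        if panel is None or m["status"] not in FAILED_STATUSES:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        failures.append((m["ip"], panel, ts))
    return failures


def single_source_bursts(failures, threshold=5, window=timedelta(minutes=1)):
    """Return {(ip, panel): peak} for sources whose failures inside any
    sliding `window` reach `threshold`: the one-host brute-force signature."""
    by_key = defaultdict(list)
    for ip, panel, ts in failures:
        by_key[(ip, panel)].append(ts)
    bursts = {}
    for key, stamps in by_key.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[key] = peak
    return bursts


def distributed_pressure(failures, min_sources=3):
    """Return {panel: (total_failures, distinct_ips)} for panels attacked
    from at least `min_sources` IPs. A worker botnet spreads attempts over
    many hosts, so each IP can stay under the per-source threshold while
    the panel as a whole is under sustained attack."""
    totals, sources = defaultdict(int), defaultdict(set)
    for ip, panel, _ in failures:
        totals[panel] += 1
        sources[panel].add(ip)
    return {p: (totals[p], len(sources[p]))
            for p in totals if len(sources[p]) >= min_sources}


# Constructed sample: one noisy host hammering the Magento admin, and six
# phpMyAdmin failures spread over four hosts, each below the burst threshold.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2019:14:02:01 +0000] "POST /admin/ HTTP/1.1" 401 512
198.51.100.7 - - [10/Mar/2019:14:02:03 +0000] "POST /admin/ HTTP/1.1" 401 512
198.51.100.7 - - [10/Mar/2019:14:02:06 +0000] "POST /admin/ HTTP/1.1" 401 512
198.51.100.7 - - [10/Mar/2019:14:02:08 +0000] "POST /admin/ HTTP/1.1" 401 512
198.51.100.7 - - [10/Mar/2019:14:02:11 +0000] "POST /admin/ HTTP/1.1" 401 512
198.51.100.7 - - [10/Mar/2019:14:02:14 +0000] "POST /admin/ HTTP/1.1" 401 512
198.51.100.7 - - [10/Mar/2019:14:02:16 +0000] "POST /admin/ HTTP/1.1" 302 0
192.0.2.10 - - [10/Mar/2019:14:02:20 +0000] "GET /index.php HTTP/1.1" 200 8192
203.0.113.11 - - [10/Mar/2019:14:05:00 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 401 600
203.0.113.12 - - [10/Mar/2019:14:05:02 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 401 600
203.0.113.13 - - [10/Mar/2019:14:05:05 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 401 600
203.0.113.14 - - [10/Mar/2019:14:05:07 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 401 600
203.0.113.11 - - [10/Mar/2019:14:05:09 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 401 600
203.0.113.12 - - [10/Mar/2019:14:05:12 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 401 600
"""


def analyse(log_text):
    failures = parse_failed_logins(log_text.splitlines())
    return {
        "bursts": single_source_bursts(failures),
        "distributed": distributed_pressure(failures),
    }


if __name__ == "__main__":
    for name, result in analyse(SAMPLE_LOG).items():
        print(name, result)
```

On the sample, the per-source view flags only 198.51.100.7 against the Magento admin (six failures in thirteen seconds, followed by a 302 that is worth a closer look as a possible success), while the phpMyAdmin attempts from the 203.0.113.0/24 hosts pass under the per-IP threshold and only surface in the per-panel aggregate. In production the same logic would read rotating logs and feed a SIEM rule rather than a string constant.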
StealthWorker first establishes persistence by registering a scheduled execution so that it survives a reboot. Once installed, it connects to its command-and-control (C&C) server to announce that it is ready to act as a worker, reports the host's details, and sends back any credentials it has discovered using a 'saveGood' message.