Malware Scans The Internet For Valuable Data

Engineers at AT&T Labs found a new type of malware that scans the internet for valuable data.

The main motive is said to be a reconnaissance operation that can lead to a cyber attack crisis. This malware examines the Internet for exposed web services and saved credentials that are to be used for additional damage. The malware was detected in March and the scientists have named it Xwo malware which originated from its main module name.

This malware was recognized in March and the experts ought described it as Xwo malware, dawned from its principal module name.
Recommended News:

The relation is derived from the similarities in the code which is mostly coded in Python. However, the Xwo Malware is very different from the other forms of malware too. That seems not to contain any cryptocurrency software, ransomware, or botnet, although its main focus is to steal the default preserved credentials of the Browser history of the user. The malware then sends the derived information to its control server or machine, whichever is used to control the Xwo malware.

The fundamental performance of malware can be interpreted in this fashion. It hunts for the most visited website in a user’s browser and clones it. Then it joins a .tk field, which is free to avoid attack losses. Besides this, it performs the simulated website for the user. The user starts his/her credentials which are later sent to the central command and control server. The message is transmitted back to the server using HTTPS POST calls.

The malware scans for credentials in the web services like TP, MySQL, PostgreSQL, MongoDB, Redis, and Memcached, as well as takes benefit of the Apache Tomcat vulnerabilities to collect information.

This malware is totally scanning-based. It ventures to identify valuable targets and moreover reports back the forces to a C2 server. “It is our dogma that this insight is then accepted by the attacker for additional attacks outside of Xwo, says Tom Hegel, who is a security researcher at AT&T Alien Labs”.The Xwo moves aside from a class of malicious traits…such as ransomware or exploits. The widespread practice and potential it holds can be damaging for networks around the earth,” he added.

Xwo may not be a significant transformation in the rival changing tactics, merely exploring with different inclinations. Based on our evaluation of the relation to XBash and MongoLock, the rival has historically been distinct in their toolset,” said Hegel.

Researchers have recommended that users circumvent the use of default credentials and use two-step verification wheresoever feasible. That is not for their protection but to limit such worthy data from reaching the hands of criminals. As such data can be directed to build a more powerful and devastating cybercrime, which no one might have ever experienced to date.


After working as digital marketing consultant for 4 years Deepak decided to leave and start his own Business. To know more about Deepak, find him on Facebook, LinkedIn now.

Leave a Reply

Your email address will not be published. Required fields are marked *