Engineers at AT&T Labs found a new type of malware that scans the internet for valuable data.
Its main purpose appears to be a reconnaissance operation that can lay the groundwork for a later cyber attack. The malware examines the Internet for exposed web services and saved credentials, which are then used for further damage. The malware was detected in March, and the researchers named it Xwo after its main module name.
The relationship to earlier malware families is inferred from similarities in the code, which is written mostly in Python. Xwo nevertheless differs from those other forms of malware: it appears to contain no cryptocurrency miner, ransomware or botnet component, and its main focus is stealing default and saved credentials from the user's browser. The malware then sends the harvested information to the command-and-control server or machine used to control it.
The malware's basic operation can be described as follows. It finds the most visited website in a user's browser and clones it. It then registers the clone under a .tk domain, which is free, so the attacker loses little if the site is taken down. It presents the fake website to the user, and the credentials the user enters are sent to the central command-and-control server. The data is transmitted back to the server using HTTPS POST calls.
The malware scans for credentials in web services such as FTP, MySQL, PostgreSQL, MongoDB, Redis and Memcached, and takes advantage of Apache Tomcat vulnerabilities to collect information.
This malware is entirely scanning-based. It attempts to identify valuable targets and reports the results back to a C2 server. "It is our dogma that this insight is then accepted by the attacker for additional attacks outside of Xwo," says Tom Hegel, a security researcher at AT&T Alien Labs. "Xwo moves aside from a class of malicious traits, such as ransomware or exploits. The widespread practice and potential it holds can be damaging for networks around the earth," he added.
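Because the article describes Xwo as purely scanning-based, the defensive counterpart is spotting the scan itself: one source address touching several of the named services (FTP, MySQL, PostgreSQL, MongoDB, Redis, Memcached, Tomcat) in a short window. The following is an added example, not code from the article or from AT&T Alien Labs; the log line format, the sample addresses and the default service ports are all constructed assumptions for illustration.

```python
"""Added example (not from the article or from AT&T Alien Labs): flag hosts
that probe several of the services the article says Xwo scans for.
Input is a constructed firewall-style connection log; the line format is
an assumption for this example."""
from collections import defaultdict
from datetime import datetime, timedelta

# Default ports for the services the article names as Xwo targets (assumed).
WATCHED_PORTS = {
    21: "FTP", 3306: "MySQL", 5432: "PostgreSQL", 27017: "MongoDB",
    6379: "Redis", 11211: "Memcached", 8080: "Tomcat",
}

# Constructed sample log: "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <flag>"
# 198.51.100.7 sweeps five watched services within seconds (scanner-like),
# 203.0.113.5 only talks HTTPS, 203.0.113.9 touches two services 85 min apart.
SAMPLE_LOG = """\
2019-03-20T10:00:01 198.51.100.7 -> 192.0.2.10:21 SYN
2019-03-20T10:00:02 198.51.100.7 -> 192.0.2.10:3306 SYN
2019-03-20T10:00:02 198.51.100.7 -> 192.0.2.10:27017 SYN
2019-03-20T10:00:03 198.51.100.7 -> 192.0.2.11:6379 SYN
2019-03-20T10:00:04 198.51.100.7 -> 192.0.2.11:8080 SYN
2019-03-20T10:00:05 203.0.113.5 -> 192.0.2.10:443 SYN
2019-03-20T10:00:06 203.0.113.5 -> 192.0.2.10:443 SYN
2019-03-20T10:05:00 203.0.113.9 -> 192.0.2.12:3306 SYN
2019-03-20T11:30:00 203.0.113.9 -> 192.0.2.12:5432 SYN
"""


def parse_line(line):
    """Split one log line into (timestamp, src_ip, dst_ip, dst_port)."""
    ts, src, _, dst, *_ = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst_ip, int(dst_port)


def find_service_scanners(log_text, window=timedelta(minutes=5), min_services=3):
    """Return {src_ip: sorted service names} for every source that contacts at
    least `min_services` distinct watched services within any `window`.
    The service list reported is the full set that source touched."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, _dst_ip, port = parse_line(line)
        if port in WATCHED_PORTS:
            events[src].append((ts, WATCHED_PORTS[port]))

    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        # Sliding window over this source's timestamps.
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            in_window = {name for _, name in evs[start:end + 1]}
            if len(in_window) >= min_services:
                flagged[src] = sorted({name for _, name in evs})
                break
    return flagged


if __name__ == "__main__":
    for src, services in find_service_scanners(SAMPLE_LOG).items():
        print(f"possible service scan from {src}: {', '.join(services)}")
```

The window and threshold are tunable: a tight window with a low threshold catches fast sweeps like the one in the sample, while a longer window is needed for slow scans such as the 203.0.113.9 pattern, at the cost of more false positives from legitimate administration hosts.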
"Xwo may not be a significant transformation in the rival's changing tactics, merely exploring with different inclinations. Based on our evaluation of the relation to XBash and MongoLock, the rival has historically been distinct in their toolset," said Hegel.
Researchers recommend that users avoid default credentials and use two-step verification wherever feasible. This is not only for their own protection but to keep such valuable data out of the hands of criminals, since it can be used to build a more powerful and devastating cybercrime than any experienced to date.