New Xbash, The Ultimate Party Cocktail!

Redport Information Assurance
Xbash is the latest in a growing number of multi-purpose malware cocktails that can carry out several malicious operations at once. The malware is basically used for destroying data. The cocktail consists of a deadly combination of botnet, coin mining, ransomware, and self-propagation capabilities. This cocktail of ugliness was discovered by Palo Alto Networks’ Unit 42 security researchers and has been named “Xbash”.

Xbash has been targeting Linux and Windows servers. Once the malware is inside the servers, it spreads very quickly, according to Palo Alto. The malware cocktail uses separate attacks depending on the operating system. For example, Palo Alto researchers state that the malware targets Linux servers with ransomware and botnet capabilities and Windows servers with coin mining and self-propagation capabilities.

As Dark Reading reports, so far there have been 48 victims of the new Xbash malware. They have all paid out, up to $6000.00 in bitcoins, to the hackers that have used the malware cocktail. Unfortunately, those victims did not get a method for retrieving their files even after they paid the ransom in bitcoins.

Xbash starts its devastation by scanning a list of known IP addresses and domains, which it captures from its command and control (C2) server, for open ports, weak credentials, and three specific known vulnerabilities in Hadoop, Redis and ActiveMQ applications. Only one CVE number is associated with the vulnerabilities: CVE-2016-3088. The Xbash malware cocktail exploit technique was developed by a well-known threat actor known as Iron Group, which has used other such combined methods in its malware.

Redport Information Assurance’s Director of Cyber Operations has stated that she has not seen this type of malware capability before, where it combines ransomware, coin-mining, and worm capabilities in such a malicious cocktail for attacks even on Linux systems.

By Dr. Randall Sylvertooth


Source:
http://www.darkreading.com/attacks-breaches/new-xbash-malware-a-cocktail-of-malicious-functions/d/d-id/1332831

For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter @redport_ia.

Gaithersburg, MD, USA