The attackers use a credential brute forcing tool written in Golang dubbed Diicot brute. It appears that this malware is offered as a service from Romanian attackers.
The attackers are installing the XMRig Monero crypto currency miner. In the past they have been observed installing IRC bots or variations of the DDoS Demonbot.
The backdoor bot communicates through a Discord channel with the attackers, eliminating the need for a central command and control server that could be taken down.
Acronis Cyber Protect provides behavior-based detection which blocks unwanted cryptocurrency miners. Threats like this script bot are detected statically, before they even execute, on Windows, Mac or Linux operating system. Learn more: https://bit.ly/3iwKlXj
#Diicot #cryptojacking #malware #backdoor #XMrig #Monero #Acronis #CyberFit #CyberProtection #AcronisCyberProtectCloud #CyberSecurityNews #CPOCNews #CPOC #CyberSecurity #CyberProtect
_____
Don't get caught unaware. Stay up-to-date on what's happening in the cyber protection world. Subscribe for more news from our Cyber Protection Operation's Center.
Learn more about #CyberProtection: https://bit.ly/3iwKlXj
0 Comments