Akamai Warns Of "Panchan" Linux Botnet That Leverages Golang Concur...

Advisories

Discover Hacks/Cracks News

Akamai Warns Of "Panchan" Linux Botnet That Leverages Golang Concurrency, Systemd

32.Lock Code Circular

Akamai Security Research is lifting the public embargo on "Panchan", a new peer-to-peer botnet they are warning customers about that has been breaching Linux servers since March.



Panchan is a Linux botnet that is written in the Go programming language and leverages Golang's concurrency for maximizing its effectiveness of spreading and executing malware modules. Panchan additionally relies on memory-mapped files to avoid detection via on-disk presence while also reportedly stopping its crypto-mining processes when detecting process monitoring. While this botnet performs crypto-mining, there is also a "god mode" baked into this malware as well.

Panchan is also made persistent by copying itself to /bin/systemd-worker and creating a systemd service to try to appear as a legitimate systemd service. Looking for "systemd-worker" is one of the ways to detect the possible presence of this Linux botnet on your system.

 

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.