Security researchers have discovered a new self-spreading Golang-based malware that has been actively dropping XMRig cryptocurrency miners on both Windows and Linux servers since early December.

 

This multi-platform malware also has worm capabilities that allow it to spread to other systems by brute-forcing public-facing services (i.e., MySQL, Tomcat, Jenkins and WebLogic) with weak passwords as revealed by Intezer security researcher Avigayil Mechtinger.

The attackers behind this campaign have been actively updating the worm's capabilities through its command-and-control (C2) server since it was first spotted which hints at an actively maintained malware.