In what may be the foreshadowing of an eventual large scale cyber-attack, a new type of malware was recently discovered by researchers at AT&T Alien Labs. Foreshadowing, because the malware is known to scan the internet for exposed web services and default passwords during what's been thought to be a reconnaissance mission.
This new strain of malware shares certain features with the MongoLock Ransomware and the Xbash multipurpose malware. Xwo Bot Scanner scans and collects information about SVN, Git paths and other exploitable network details and paths.
Once the malware has collected all the information it can, it sends all credentials and data back to its own C&C servers where the Xwo Bot Scanner is available to the hackers.
The malware itself does not execute malicious scripts, it does however provide a surveillance tool for would be cyberthieves to find vulnerabilities in the networks of would be victims.
Leave a Reply
Thank you for your response.
Please verify that you are not a robot.