malwareA new strain of malware which has been dubbed 'Capoae' has been spotted in the wild. It was written in Go and this strain targets Linux systems and WordPress installations. It was discovered by Larry Cashdollar. Larry is a senior security researcher at Akamai. Capoae is quickly becoming a favorite among threat actors because of its cross-platform capabilities. It also spreads via the exploitation of known bugs and weak admin login credentials.

Cashdollar had this to say about the new strain:

"After the Capoae malware is executed, it has a pretty clever means of persistence. The malware first chooses a legitimate-looking system path from a small list of locations on a disk where you'd likely find system binaries. It then generates a random six-character filename, and uses these two pieces to copy itself into the new location on the disk and deletes itself. Once this is done, it injects/updates a Crontab entry that will trigger the execution of this newly created binary."

So far Capoae has been used to install cryptocurrency miners which is relatively harmless compared to some other payloads like ransomware. Even so there's nothing preventing the hackers currently using Capoae from injecting a more devastating payload. Even if they don't do that cryptocurrency miners are bad enough on their own.

The most notable outward sign of a Capoae infection is an unusual spike in system resource load or unrecognizable system processes in operation. Admins may also notice strange log entries or artifacts such as SSH keys and files.

Although this is not the most dangerous malware strain we've ever seen it's still one that bears worth keeping a watchful eye out for.

To protest your business from malware and ransomware you need professional IT services. Integrated Technology Systems provides both managed and co-managed services. Contact us today for an assessment of your business.

This Malware Could Be Using Your PC To Make Money

 cryptocurrencyIf you haven't heard of a malware strain called Crackonosh, be aware that it might be abusing your system, and specifically, Windows Safe Mode, to make money for its controllers.

In fact, since it was first discovered, researchers at Avast estimate that Crackonosh has quietly generated millions by enslaving PCs around the world and using them to mine cryptocurrency.

Crackonosh is only a few years old, having first been spotted in the wild back in June of 2018. It has spread like wildfire, leveraging the popularity of file sharing (torrent) websites where it piggybacks inside compressed files containing music, movies and cracked versions of in-demand software.

The malware's design is fairly clever, and before it tries to install itself on a target system, it will scan for the presence of antivirus software running on the target machine, then attempting to disable it and delete Windows Defender. Once that's done, Crackonosh takes the additional step of deleting the log file, essentially destroying the evidence of its misdeeds.

Finally, it deploys a cryptocurrency mining software called XMRig, utilizing your PC's resources to mine Monero (XMR), and modifies the registry so that the machine reboots in Safe Mode. That is incredibly clever, because by design, when a computer boots up in Safe Mode, (which is used primarily for diagnostic purposes) only a minimal tool set loads, which doesn't include antivirus software.

Based on Avast's research, Crackonosh is infecting around a thousand machines each day, and so far, nearly a quarter of a million machines have been bent to the will of the group controlling Crackonosh. That amounts to a lot of Monero mining power. Estimates are that it has enabled them to mine more than 9000 XMR, which, based on current prices, amounts to more than two million dollars.

Small businesses cannot afford to ignore these threats. Contact your local IT services company Integrated Technology Systems for an assessment of your cybersecurity weaknesses.

Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017

Like us on Facebook

Keywords: malware, ransomware, IT Services