Security researchers have uncovered an emerging malware campaign targeting misconfigured servers hosting web-facing services like Apache Hadoop YARN, Docker, Confluence and Redis.
This campaign is notable for employing novel Golang payloads designed to automate the identification and exploitation of vulnerable hosts.
According to an advisory published by Cado Security Labs today, these payloads facilitate Remote Code Execution (RCE) attacks by leveraging common misconfigurations and the Confluence vulnerability CVE-2022-26134.
Upon gaining initial access, the attackers deploy shell scripts and familiar Linux attack techniques to establish persistence and run a cryptocurrency miner.
