Panchan's Mining Rig: New Golang Peer-to-Peer Botnet
To avoid detection and reduce traceability, the malware drops its cryptominers as memory-mapped files, without any disk presence.
It also kills the cryptominer processes if it detects any process monitoring.
Based on the malware's activity and victim geolocation, admin panel language, and the threat actor's Discord user's activity, we believe the threat actor is Japanese.
Akamai MFA can mitigate the risk presented by SSH key harvesting.
In addition, configuring strong SSH passwords should stop the malware in its tracks since it uses a very basic list of default passwords to spread.
We have also published IOCs, queries, signatures, and scripts that can be used to test for infection.
Featured Resources
View More Resources
CUSTOMERS
Financial Regulatory Authority Strengthens Security and Gains Continuous Visibility with Cymulate
Limited Visibility and Reliance on Point-in-Time Testing With a lean team of five responsible for securing a complex internal environment,
blog
CVE-2026-35603: One Writable Folder, Every User Compromised: Exploiting Configuration Trust in AI Coding Tools
Ilan Kalendarov, Security Research Team LeadBen Zamir, Security ResearcherElad Beber, Security Researcher The AI coding tools that millions of developers launch every
Demo
Auto Mitigation Demo
Cymulate Auto Mitigation closes the risk-to-fix gap by automatically deploying targeted control updates when exposures are discovered. It then re-validates