Panchan's Mining Rig: New Golang Peer-to-Peer Botnet
To avoid detection and reduce traceability, the malware drops its cryptominers as memory-mapped files, without any disk presence.
It also kills the cryptominer processes if it detects any process monitoring.
Based on the malware's activity and victim geolocation, admin panel language, and the threat actor's Discord user's activity, we believe the threat actor is Japanese.
Akamai MFA can mitigate the risk presented by SSH key harvesting.
In addition, configuring strong SSH passwords should stop the malware in its tracks since it uses a very basic list of default passwords to spread.
We have also published IOCs, queries, signatures, and scripts that can be used to test for infection.
Featured Resources
blog
Get Ready to Get MCPwned — Cymulate’s Elite CTF on Securing the Model Context Protocol
When AI agents meet the real world, every protocol becomes a potential attack vector. That’s the big idea behind MCPwned,
CUSTOMERS
How a Retail Organization Became 12x Faster at Assessing Security Controls with Cymulate
Challenge This retail organization has a presence in 34 countries and over 5,800 stores. Its security team uses various controls
blog
Ransomware Detection Techniques: A Smarter Approach to Staying Ahead of Attacks
Ransomware attacks continue to rise in both volume and sophistication, crippling organizations, exfiltrating sensitive data and costing billions annually in