This new malware is scanning the internet for systems info on valuable targets

A new form of malware is scanning the internet for exposed web services and default passwords in what’s thought to be a reconnaissance operation – one which might signal a larger cyberattack is to come.

Researchers at AT&T Alien Labs first spotted the malware in March and have named it Xwo after its primary module name. It’s thought that Xwo could be related to two other forms of malicious software – MongoLock ransomware and X Bash, a malware that rolls ransomware, a coinminer, a botnet and a worm into one – due to similarities in the Python-based code.

But unlike MongoLock and Xbash, Xwo doesn’t have any ransomware, cryptocurrency mining or any other similar money-making capabilities: it’s main focus is scanning for credentials and exposed services and sending information back to its command and control server.

Read more…
Source: ZDNet