New Xbash Malware: A Deadly Fusion of Ransomware, Botnet, Cryptominer

With cryptocurrency once again making the headlines, a new malware called Xbash has been found at Palo Alto Networks by the researchers. The malware is reported to be a deadly fusion of botnet, ransomware and cryptocurrency mining software.
The probable targets of Xbash are – servers running on Windows or Linux, it attacks poorly protected systems with weak passwords or devices functioning with unpatched known vulnerabilities.
Notably, the lethal combo comes with a customized execution based on the OS it is crippling. Dissecting it a bit, it targets Windows for cryptocurrency mining and self-propagation and Linux devices are vulnerable to Xbash’s ransomware threat which creates botnets.
The ransomware mildly assaults the victims by first encrypting a file of theirs and then with an unreliable claim of restoring the same at expenses.
Boring a startling likeness to the infamous NotPetya, Xbash too suffers a deficiency of features to assist the restoration of data. For the release of the file held captive, it asks for a ransom, however, the file continues being encrypted even after the payment has been made.
Reportedly, so far the criminals have seized a sum of $6,000 in Bitcoin from the 48 systems who succumbed to the malware. Thus, labeling Xbash as a mere ransomware won’t sum its objective up, which apparently is an irrevocable ruination of victim’s data.
Xbash is equipped with features that allow (once enabled) it to compromise an organization’s intranet. Its potential of compromising networks and equipping attackers to tamper with an organization’s major services is what elevates its rank further on the scale of danger.
First spotted in May 2018, Xbash is an ‘Iron Group’ manufactured malign creation. Reportedly, the entity is associated with other ransomware attacks as well.
Currently found in 4 different versions with distinct codes and timestamps, it is believed that Xbash is still under development which further implies that the attackers are strengthening the foundation by embedding more lethal functionalities in the malware or perhaps simplifying the intranet attack.
Irrespective of the scenario, users are advised to perform timely backups for crucial data and take preventive measures wherever necessary.  

Leave a Reply