There’s no doubt that Linux and Mac are more secure operating system choices as opposed to Microsoft Windows. But this doesn’t mean that hackers don’t find ways to infect the machines running these operating systems — in the past, we came across the massive Mirai botnet that controlled the networking devices running Linux.
Mirai creators used Golang (also called Go) programming language to write the code of the malware. Just recently, the security researchers at JPCERT have found another malware written in Go; it even features the cross-platform capability and comes in two versions.
Named WellMess, this malware affects both Linux and Windows operating systems. While the basic functionality of the both versions of the malware remains the same, there are some minor differences.
Just like other malware, WellMess communicates with its command & control (C&C) center and downloads commands for further actions. The commands could be given from C&C server to upload/download files and execute arbitrary shell commands. The Windows version further has the ability to run PowerShell scripts.
The commands are sent to the infected devices in the form of RSA-encrypted HTTP Post request; the cookie header data is RC6-encrypted. That’s not all. WellMess also has a version developed in .Net Framework. The cookie data in the .Net version is same as Go version.
Submitted by: Arnfried Walbrecht
Comments are closed.