A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022.
Dubbed Panchan by Akamai Security Research, the malware “utilizes its built-in concurrency features to maximize spreadability and execute malware modules” and “harvests SSH keys to perform lateral movement.”
The feature-packed botnet, which relies on a basic list of default SSH passwords to carry out a dictionary attack and expand its reach, primarily functions as a cryptojacker designed to hijack a computer’s resources to mine cryptocurrencies.
The cybersecurity and cloud service company noted it first spotted Panchan’s activity on March 19, 2022, and attributed the malware to a likely Japanese threat actor based on the language used in the administrative panel baked into the binary to edit the mining configuration.
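For defenders, the two behaviors described above (an SSH password dictionary attack followed by key-based lateral movement) can be correlated in aggregated sshd logs. The following is an added example, not code from the article or from Akamai; the log lines, host names, inventory map and failure threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: aggregated OpenSSH auth lines from two hosts (not real data).
SAMPLE_LOG = """\
Mar 19 10:00:01 lab-a sshd[101]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar 19 10:00:02 lab-a sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Mar 19 10:00:03 lab-a sshd[103]: Failed password for invalid user pi from 203.0.113.7 port 40003 ssh2
Mar 19 10:00:04 lab-a sshd[104]: Accepted password for ubuntu from 203.0.113.7 port 40004 ssh2
Mar 19 10:05:00 lab-b sshd[201]: Accepted publickey for ubuntu from 10.0.0.11 port 50001 ssh2
Mar 19 10:06:00 lab-b sshd[202]: Failed password for alice from 198.51.100.9 port 50002 ssh2
Mar 19 10:06:30 lab-b sshd[203]: Accepted password for alice from 198.51.100.9 port 50003 ssh2
"""
HOST_IPS = {"lab-a": "10.0.0.11", "lab-b": "10.0.0.12"}  # assumed asset inventory

LINE = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")

def analyze(log_text, host_ips, min_failures=3):
    """Return (hosts whose password was guessed, key logins pivoting from them)."""
    failures = defaultdict(int)   # (host, src) -> failed password attempts so far
    compromised = {}              # host -> (attacking src, account that was guessed)
    pivots = []                   # (origin host, destination host, account)
    ip_to_host = {ip: h for h, ip in host_ips.items()}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        host, src, user = m["host"], m["src"], m["user"]
        if m["result"] == "Failed":
            if m["method"] == "password":
                failures[(host, src)] += 1
        elif m["method"] == "password":
            # A success right after a burst of failures from the same source.
            if failures[(host, src)] >= min_failures:
                compromised[host] = (src, user)
        else:
            # Accepted publickey: suspicious if it originates from a flagged host.
            origin = ip_to_host.get(src)
            if origin in compromised and origin != host:
                pivots.append((origin, host, user))
    return compromised, pivots

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG, HOST_IPS))
```

A single mistyped password followed by a success (the `alice` lines) stays below the threshold and is not flagged.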