XBash Malware Packs Double Punch: Destroys Data and Mines for Crypto Coins

A newly discovered malware has different capabilities for Windows and Linux systems, including ransomware and cryptomining. Researchers have discovered a new sophisticated malware family in the wild, which wrecks havoc on Windows and Linux systems with a combination of data destructive ransomware and malicious cryptomining. The malware, dubbed by Palo Alto Networks’ Unit 42 researchers who discovered it as Xbash, has been targeting weak passwords and unpatched vulnerabilities to infect systems. Xbash also shares striking similarities to worms like WannaCry and Petya/NotPetya, such as self-propagation capabilities and its ability to rapidly spread. “Xbash aimed on discovering unprotected services, deleting victim’s MySQL, PostgreSQL and MongoDB databases, and ransom for Bitcoins,” the researchers said in a Monday post. “Xbash uses three known vulnerabilities in Hadoop, Redis and ActiveMQ for self-propagation or infecting Windows system.”