Panchan Virus Cryptomines on Victims’ Computers
Hackers Terrorize Linux Servers for Illegal Cryptomining Scheme
Dark web criminal hackers have found a new way to haul in an exponential amount of money into their coffers. With cryptojacking – the threat actors have been wreaking havoc on the Linux Servers. In this scheme, hackers utilized cyber attack tactics to infiltrate and hijack the resources of a victim’s computer, and use up its resources to secretly mine cryptocurrencies.
As of March 2022, cyber security analysts have issued a warning about the malicious Panchan botnet. Investigation shows that hackers have been clamoring to use it to illegally breach computers in the education and telecommunication sector to mine digital currencies. The researchers documented that the new virus infects mainly Linux servers through a brute-force backdoor, which steals SSH credentials.
Reportedly, the new peer-to-peer botnet, aptly named “Panchan”, according to analysts at Akamai Technologies, is one of the most recent hacking threats launched in 2022. When tracked to the Linux data server, it was discovered that the hacking group for the malicious software was identified as Japanese hackers.
The Panchan software with its SSH worms functions such as SSH key abuse and dictionary attacks has been noted to execute rapid lateral reproduction movements. With this acute capability, it can virtually spread quickly to any other device in the breached computer network.
Persistent Virus Relaunch Itself
In addition, its unprecedented detection avoidance abilities used memory-mapped miners and dynamic process detection monitoring. It can immediately stop its mining modules if it senses that it was detected by the computer system.
Through stealth operation, it reproduced easily without alerting the victimized system. After locating a new host; it exploits the SSH keys, or used brute force attacks to bypass the usernames and passwords of that private computer network. If successful, Panchan creates a hidden folder under the name “xinetd”.
The endurance of its longevity is critical to the hackers’ success; it persistently copies itself to a folder called “/bin/system-worker”. Thus, it is able to create a new system service that will launch a new copy of the malicious software with each reboot of the computer network.
Panchan’s rebooting capabilities allow the virus to disguise itself as an actual system service. Additionally, Panchan is equipped with a binary function that sends an HTTPS POSTS request to a Discord webhook, which gives the hackers the opportunity to spy on their victims.
Above all, Panchan was written in a highly versatile programming language called the Go programming language, or “Golang” for short. Golang was developed by Google engineers to create an efficient open source programming language for web developers.