Due to the recent surge in cryptocurrency trading prices, most online systems these days are often under assault from crypto mining botnets looking to gain a foothold in unsecured systems and make a profit for their criminal masters.

The latest of these threats is a botnet called  WatchDog . Discovered by Unit 42, a threat intelligence division at Palo Alto Networks, this crypto mining botnet has been active since January 2019.

Written in the Go programming language, researchers say they have seen WatchDog infect Windows and Linux systems.

The entry point for their attacks has been outdated business applications. According to an analysis of the WatchDog botnet operations published Wednesday, Unit 42 said that the botnet operators used 33 different exploits to attack 32 vulnerabilities in software such as:

  • Drupal
  • Elasticsearch
  • Apache Hadoop
  • Redis
  • Spring Data Commons
  • SQL server
  • ThinkPHP
  • Oracle WebLogic
  • CCTV (it is currently unknown if the target is a CCTV set or if there is another nickname that could mean “cctv”).

Based on the details the Unit 42 team was able to learn by analyzing the WatchDog malware binaries, the researchers estimated the size of the botnet to be around 500 to 1,000 infected systems.

The gains were estimated at 209 Monero coins, currently valued at around $ 32,000, but the actual figure is believed to be much higher as the researchers only managed to analyze a few binaries, and the WatchDog band is believed to have used many more addresses. Monero to collect your illegal crypto mining funds.


The good news for server owners is that WatchDog is not yet on par with recent cryptocurrency mining botnets like TeamTNT and Rocke, which in recent months have added capabilities that allow them to mine credentials for AWS and Docker systems from the infected servers.

However, the Unit 42 team warns that such an update is only a few keystrokes away for WatchDog attackers.

On infected servers, WatchDog generally runs with administrator privileges and could perform a credential scan and dump without any difficulty, if its creators ever wanted to.

To protect your systems against this new threat, the advice for network defenders is the same that security experts have been giving for the last decade: keep systems and your applications up-to-date to prevent attacks that use exploits for old vulnerabilities.

Source: Link

About the author: Eduardo Kando Verified Member WiseGroup Manager Verified Member Into Cybersecurity ISA Groups Member Verified Member Into Cybersecurity ISA Groups Member
I am here to help and guide all visitors to the WisePlant website. It will be a pleasure to answer your questions, know your concerns and receive your recommendations to improve our services.