A new wave of malware attacks has been spotted using a variety of tactics to enslave susceptible machines that have easy-to-guess administrative credentials. The attacks also involve the deployment of a Golang binary with decryption functionality. The malware is said to be delivered to the hosts via a backdoored addition to a WordPress plugin called “download-monitor,” which gets installed after the attackers successfully brute-force WordPress admin credentials. Once infected, these systems are then used to mine cryptocurrency.
Source: https://thehackernews.com/2021/09/new-capoae-malware-infiltrates.html

