New Go malware Capoae targets WordPress installs, Linux systems
A new strain of malware called Capoae was publicized earlier this week by security research firm Akamai. The firm stated that the new malware is written in the Golang programming language, which is becoming increasingly popular among threat actors due to its cross-platform capabilities. The malware spreads through known vulnerabilities and weak administrative credentials, according to Akamai. Capoae exploits vulnerabilities CVE-2020-14882, a remote code execution vulnerabilities in Oracle WebLogic Server, and CVE-2018-20062, another RCE in ThinkPHP.
According to Akamai, the firm spotted the malware after a sample targeted a honeypot set up by researchers. A PHP malware sample arrived via a backdoor linked to a WordPress plugin called Download-monitor. The plugin was then utilized as a conduit to deploy the man malware payload when was then decoded. Capoae also installs the Monero Cryptocurrency miner.