https://intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Detected in the wild. It does not exploit vulnerabilities; the initial compromise is made only by trying weak root passwords against thousands of Linux (and IoT) machines, hoping to log into any of them.
Once successful, it will attempt to spread not only by joining the botnet to try the next password: it will also locate any local keys used for authentication and attempt to log in to those remote machines. In other words, if you SSH into every machine in your network and you’re compromised, then every other machine in your network you SSH into would also be immediately compromised.
Although considered “simple” and “lacking in features,” a compromised machine will both attempt to infect other machines and can perform DDoS attacks as part of the botnet.
This does not target MS Windows machines today… yet.
Recommended Mitigation:
Don’t use weak passwords.
Don’t know what a weak password is?
Do an Internet search on the “Top 60 most commonly used passwords” for starters.
To mitigate against brute force attacks, a stronger password depends on both variety (upper, lower, numeric, special characters) and length (8 characters is the minimum but still bad; at least 15 characters is much better).
Be aware though that what humans consider an unusual character wouldn’t be anything unusual to a computer doing a brute force attack, so I generally discourage use of special keystroke combinations which are difficult to type… You’ll just discourage yourself from using something difficult to type, while hardly affecting a computer, which wouldn’t consider a difficult keystroke anything different from something simpler.
TSU
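As an added example (not part of the post above), the Python below puts numbers on the length-versus-variety argument: it derives the brute-force search space from a password's length and the character classes it uses, and checks it against a wordlist first, since a common password is found long before any exhaustive search. The wordlist entries and the guess rate are constructed sample values.

```python
import math
import string

# Character classes a guesser must enumerate once it knows which classes a
# password draws from. Adding a class enlarges the alphabet; adding one
# character multiplies the whole search space by the alphabet size.
CLASSES = {
    "lower": set(string.ascii_lowercase),   # 26
    "upper": set(string.ascii_uppercase),   # 26
    "digit": set(string.digits),            # 10
    "special": set(string.punctuation),     # 32
}

# Constructed sample standing in for a published "most common passwords" list.
COMMON_PASSWORDS = {"123456", "password", "admin", "root", "qwerty", "123456789"}

def charset_size(password: str) -> int:
    """Alphabet size an attacker must search, based on the classes present."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def search_space_bits(password: str) -> float:
    """log2 of the candidates an exhaustive guesser must try in the worst case."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def is_common(password: str) -> bool:
    """Wordlist hit: a dictionary guess finds this regardless of its bit count."""
    return password.lower() in COMMON_PASSWORDS

def years_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case time to enumerate the whole space at a constructed guess rate."""
    return 2 ** search_space_bits(password) / guesses_per_second / (365 * 24 * 3600)

def report(password: str, guesses_per_second: float = 1e10) -> str:
    if is_common(password):
        return f"{password!r}: on a common-password list, guessed immediately"
    return (f"{password!r}: {len(password)} chars, alphabet {charset_size(password)}, "
            f"{search_space_bits(password):.1f} bits, "
            f"{years_to_exhaust(password, guesses_per_second):.2g} years to exhaust")

if __name__ == "__main__":
    # The 15-character lowercase string out-scores the 9-character "complex"
    # one despite its smaller alphabet: length multiplies, variety only adds.
    for pw in ["password", "Tr0ub4d&3", "correcthorsebat"]:
        print(report(pw))
```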