SYMBOLCOMMON_NAMEaka. SYNONYMS
win.stealthworker (Back to overview)

StealthWorker Go

According to Fortinet, StealthWorker is a brute-force malware that has been linked to a compromised e-commerce website with an embedded skimmer that steals personal information and payment details. Before hackers can embed a skimmer, however, the first requirement is for hackers to gain access to their target’s backend. Hacker’s commonly take advantage of vulnerabilities in the Content Management System (CMS) or its plugins to gain entry into the target’s system. Another, simpler option is to use brute force attacks. Though quite slow, this method is still effective against administrators using weak or commonly used passwords.

References
2021-08-09Bleeping ComputerSergiu Gatlan
Synology warns of malware infecting NAS devices with ransomware
StealthWorker Go
2019-02-26MalwarebytesJérôme Segura
New Golang brute forcer discovered amid rise in e-commerce attacks
StealthWorker Go WallyShack

There is no Yara-Signature yet.