Akamai Warns Of "Panchan" Linux Botnet That Leverages Golang Concurrency, Systemd
1 min read
Jun 20, 2022
Akamai Security Research is lifting the public embargo on "Panchan", a new peer-to-peer botnet they are warning customers about that has been breaching Linux servers since March.
Panchan is a Linux botnet that is written in the Go programming language and leverages Golang's concurrency for maximizing its effectiveness of spreading and executing malware modules. Panchan additionally relies on memory-mapped files to avoid detection via on-disk presence while also reportedly stopping its crypto-mining processes when detecting process monitoring. While this botnet performs crypto-mining, there is also a "god mode" baked into this malware as well.
Panchan is also made persistent by copying itself to /bin/systemd-worker and creating a systemd service to try to appear as a legitimate systemd service. Looking for "systemd-worker" is one of the ways to detect the possible presence of this Linux botnet on your system.
The link for this article located at Phoronix is no longer available.
Related Articles
1 - 0 min read
New GhostRace Attack Impacts Major CPU, Software Vendors
1 - 0 min read
US Dismantles IPStorm Botnet Proxy Service
1 - 0 min read
Has Linux Lost Its Security Edge?
1 - 0 min read
Critical PHP Info Disclosure, Code Execution Bugs Fixed
