Linux servers at telecommunications and education firms in the Americas, Asia, and Europe are being attacked by the new Panchan botnet and cryptominer, which leverages the concurrency capabilities of the Go programming language to facilitate malware distribution and payload execution, TechRepublic reports.
First identified in March, Panchan not only conducts typical SSH dictionary attacks but also harvests SSH keys for lateral movement, gathering the SSH configuration and keys from the HOME directory of the user it runs as on the host machine, according to an Akamai Security Research report. The findings also showed that Panchan includes a "godmode" communication and admin panel within its binary, and that it can download cryptominers in the form of memory-mapped files in an effort to evade detection. Meanwhile, most Panchan attacks may have targeted the education sector because of poor cyber hygiene and prevalent SSH key sharing across different academic institutions, said Akamai researcher Stiv Kupchik.