A new strain of malware which has been dubbed ‘Capoae’ has been spotted in the wild. It was written in Go and this strain targets Linux systems and WordPress installations. It was discovered by Larry Cashdollar. Larry is a senior security researcher at Akamai. Capoae is quickly becoming a favorite among threat actors because of its cross-platform capabilities. It also spreads via the exploitation of known bugs and weak admin login credentials.

Among others Capoae exploits CVE-2020-14882 which is a remote code execution bug in the Oracle WebLogic Server. CVE-2018-20062 is another RCE and this one was found in ThinkPHP.

Cashdollar had this to say about the new strain:

“After the Capoae malware is executed, it has a pretty clever means of persistence. The malware first chooses a legitimate-looking system path from a small list of locations on a disk where you’d likely find system binaries. It then generates a random six-character filename, and uses these two pieces to copy itself into the new location on the disk and deletes itself. Once this is done, it injects/updates a Crontab entry that will trigger the execution of this newly created binary.”

Capoae will also attempt to brute-force attack WordPress installations to spread. It may also utilize CVE-2019-1003029 and CVE-2019-1003030. Both of those are additional RCE flaws that impact Jenkins and both have been used in attacks against Linux servers.

So far Capoae has been used to install cryptocurrency miners which is relatively harmless compared to some other payloads like ransomware. Even so there’s nothing preventing the hackers currently using Capoae from injecting a more devastating payload. Even if they don’t do that cryptocurrency miners are bad enough on their own.

The most notable outward sign of a Capoae infection is an unusual spike in system resource load or unrecognizable system processes in operation. Admins may also notice strange log entries or artifacts such as SSH keys and files.

Although this is not the most dangerous malware strain we’ve ever seen it’s still one that bears worth keeping a watchful eye out for.

Related Posts - TKS Blog
Cloud Computing for Business Growth: Scalability, Migration & Multi-Cloud Strategy
Organizations that rely solely on traditional, on-premises infrastructure often struggle with scalability, rising IT costs, limited agility, and increased operational risk. Cloud computing technology has fundamentally...
Read more
February 16, 20264:38 pm
Cybersecurity in 2026: Resolutions Every Business Owner Should Make
A New Year Offers the Perfect Moment to Refresh Your Security Strategy The calendar has flipped to 2026, and while personal resolutions are top of mind,...
Read more
January 16, 202611:57 am
Cybersecurity Compliance Checklist for 2026: CPAs & Financial Firms
A Practical Guide for Louisiana Accounting Firms, Banks, and Credit Unions Compliance Is No Longer Optional Cybercrime isn’t slowing down, and neither are regulators. For CPAs, accounting...
Read more
January 16, 202611:25 am
IT Budgeting Checklist for BusinessIT Budgeting Checklist for Business
Tech Health Check: Is Your Business Ready for 2026?
Before you pop the champagne, make sure your IT isn’t popping errors. Year‑end is the best window to tune up your technology stack by tightening...
Read more
December 8, 20259:53 am

Used with permission from Article Aggregator