New Go malware Capoae targets WordPress installs, Linux systems

The new Capoae Go malware, which targets WordPress installs and Linux systems, highlights the increase of cyberattacks designed to deploy cryptocurrency-mining payloads.

A new strain of malware, written in Go, has been spotted in cyberattacks launched against WordPress and Linux systems. 

On Thursday, Larry Cashdollar, senior security researcher at Akamai said the malware, dubbed Capoae, is written in the Golang programming language -- fast becoming a firm favorite with threat actors due to its cross-platform capabilities -- and spreads through known bugs and weak administrative credentials. 

Vulnerabilities exploited by Capoae include CVE-2020-14882, a remote code execution (RCE) flaw in Oracle WebLogic Server, and CVE-2018-20062, another RCE in ThinkPHP.