The crypto malware Nanshou Campaign continues to pose a threat to various businesses and services around the world. As of now, it has hit over 50,000 servers. It was first spotted earlier this year. The latest report about the malware comes from the security firm Guardicore Labs. The cryptoware is powerful enough to affect 700 victims each day. The malware targets firms in the healthcare, telecoms, media, and IT sectors.

Guardicore mentions that there are 20 different payloads in the malware. The payload consists of a rootkit that prevents the malware's removal. The security firm further notes that the attackers are using high-end tools of the kind found in government agencies. It is a matter of concern that cybercriminals are getting access to these kinds of tools.

The firm made another interesting discovery. The malware payload package was written using Chinese language tools and placed on servers using the Chinese language. Guardicore cites the use of common passwords as a major reason for this attack. The attackers are using brute-force attacks to steal the credentials.

To deal with the attack, Guardicore got in touch with the hosting provider of the attack servers and the rootkit certificate issuer. After that, the attack servers were taken down and the certificate was revoked.