Gafgyt Malware Variant Exploits GPU Power and Cloud Native Environments

ID: 489ad88f-0228-5e71-8523-6cfa26bb8caa

STIX ID: report--489ad88f-0228-5e71-8523-6cfa26bb8caa

Feed Name: Aqua Security Blog

Threat Score: 70/100

Date Published: 2024-08-14

Date Updated: 2026-04-26

### Executive summary

Aqua Nautilus researchers analyzed a new Gafgyt variant that brute-forces exposed SSH services to execute two in-memory binaries—a Go-compiled scanner/worm and an XMRig cryptominer—targeting both IoT and cloud-native servers (including GPU-equipped hosts). The campaign uses fileless execution from /dev/shm, downloads credential lists from a hard-coded C2 (107.189.5.210), and removes logs and shell history to evade detection. It was observed by Aqua Runtime Protection, which generated behavioral alerts and audit logs.
