Monero crypto miner leveraging Apache Struts vulnerability
Cryptocurrency miners have begun exploiting two older, already patched vulnerabilities to compromise servers and mine the Monero digital currency.
Trend Micro researcher Hubert Lin reported a significant increase in exploitation of the Apache Struts (CVE-2017-5638) and DotNetNuke (CVE-2017-9822) vulnerabilities starting in December. So far it’s estimated the malicious actor behind the attacks has netted about US$12,000 (£8,574) or 30 XMR.
“We believe that this is the work of a single threat actor, as the sites all point to a single malicious domain to download Monero miners, which also all point to a single Monero address,” Lin wrote.
An attack starts with a malicious HTTP request sent to a server. If the server is susceptible, the Apache Struts and DotNetNuke flaws are then used to run code. That code’s operation eventually leads to the download of a Monero miner.
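As an added example (not from the article or from Trend Micro), the following sketch flags the kind of malicious HTTP request described above in a request log. It relies on public knowledge of the two CVEs that the article does not spell out: CVE-2017-5638 is triggered through a crafted Content-Type header, and CVE-2017-9822 through the DNNPersonalization cookie. The JSON-lines log format, its field names and the type allowlist are assumptions, and the sample records are constructed.

```python
import json
import re
from urllib.parse import unquote

# A legitimate media type never contains an expression opener such as "%{" or "${".
OGNL_OPENER = re.compile(r"[%$]\{")
# type="..." attributes inside the XML carried by the DNNPersonalization cookie.
TYPE_ATTR = re.compile(r"""\btype\s*=\s*["']([^"']*)["']""", re.I)
# Assumed allowlist of harmless item types; tune it to what your site really emits.
ALLOWED_TYPES = {"System.String", "System.Int32", "System.Boolean"}

# Constructed sample records (assumed proxy log fields); exploit bodies are elided.
SAMPLE_LOG = """\
{"src": "198.51.100.7", "content_type": "multipart/form-data; boundary=x", "cookie": "lang=en"}
{"src": "203.0.113.9", "content_type": "%{[elided]}", "cookie": ""}
{"src": "203.0.113.9", "content_type": "", "cookie": "DNNPersonalization=<profile><item key='k' type='Example.Unexpected.Type'/></profile>"}
{"src": "192.0.2.4", "content_type": "text/html", "cookie": "a=1; DNNPersonalization=%3Cprofile%3E%3Citem%20key%3D%27k%27%20type%3D%27System.String%27%2F%3E%3C%2Fprofile%3E"}
truncated-line-not-json
"""

def dnn_cookie_value(cookie_header):
    """Return the URL-decoded DNNPersonalization value, or None if absent."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name.lower() == "dnnpersonalization":
            return unquote(value)
    return None

def classify(record):
    """Return the findings for one parsed request record."""
    findings = []
    if OGNL_OPENER.search(record.get("content_type", "")):
        findings.append("CVE-2017-5638: expression syntax in Content-Type")
    value = dnn_cookie_value(record.get("cookie", ""))
    if value and any(t not in ALLOWED_TYPES for t in TYPE_ATTR.findall(value)):
        findings.append("CVE-2017-9822: unexpected type in DNNPersonalization")
    return findings

def scan(log_text):
    """Return (line_no, src, findings) for every suspicious or unparseable line."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        try:
            rec = json.loads(line)
            src, found = rec.get("src"), classify(rec)
        except (ValueError, AttributeError, TypeError):
            src, found = None, ["unparseable log line"]
        if found:
            hits.append((n, src, found))
    return hits
```

Calling `scan(SAMPLE_LOG)` reports lines 2, 3 and 5; a hit shows an exploitation attempt, not a compromise, so follow up by checking the host's patch level and its outbound connections.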
Source | scmagazineuk