13 December 18, 18:36
Quote:A malware campaign scanning the Internet for exploitable Elasticsearch instances running on Linux machines has been recently observed by Trend Micro and by ISC, in both cases dropping a variant of the XMRig cryptocurrency miner.
"The attack was deployed by taking advantage of known vulnerabilities CVE-2015-1427, a vulnerability in its Groovy scripting engine that allows remote attackers to execute arbitrary shell commands through a crafted script, and CVE-2014-3120, a vulnerability in the default configuration of Elasticsearch," said Trend Micro.
After the attackers gain the ability to run arbitrary commands on the compromised systems, they can "attempt to escalate the privileges or even pivot to other systems in order to compromise the network further."
Following successful exploitation of the vulnerabilities, the malware will execute a number of shell commands and will download and launch a Bash script named update.sh which will hunt down and kill other miners running on the local system.
Source: https://news.softpedia.com/news/campaign...4253.shtml
![[-]](https://www.geeks.fyi/images/collapse.png)
