Campaign Drops Coinminer on Linux Boxes Using Old Elasticsearch Vulnerabilities
#1
Quote:A malware campaign scanning the Internet for exploitable Elasticsearch instances running on Linux machines has been recently observed by Trend Micro and by ISC, in both cases dropping a variant of the XMRig cryptocurrency miner.

"The attack was deployed by taking advantage of known vulnerabilities CVE-2015-1427, a vulnerability in its Groovy scripting engine that allows remote attackers to execute arbitrary shell commands through a crafted script, and CVE-2014-3120, a vulnerability in the default configuration of Elasticsearch," said Trend Micro.

After the attackers gain the ability to run arbitrary commands on the compromised systems, they can "attempt to escalate the privileges or even pivot to other systems in order to compromise the network further."

Following successful exploitation of the vulnerabilities, the malware will execute a number of shell commands and will download and launch a Bash script named update.sh which will hunt down and kill other miners running on the local system.

Source: https://news.softpedia.com/news/campaign...4253.shtml
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56
GFYI [Official] IObit Christmas 2024 Bl...
Merry Christmas and ...damien76 — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
zevish's profile zevish

>