• This new Linux malware is targeting some major victims: Docker, Apache Hadoop, Redis and Confluence all under attack

    From TechnologyDaily@1337:1/100 to All on Thu Mar 7 15:30:05 2024
    This new Linux malware is targeting some major victims: Docker, Apache
    Hadoop, Redis and Confluence all under attack

    Date:
    Thu, 07 Mar 2024 15:21:58 +0000

    Description:
    Hackers are deploying cryptominers to take advantage of the bull market, with
    top tech platforms all being targeted.

    FULL STORY ======================================================================

    Hackers are exploiting misconfigured servers running Docker, Confluence, and other services in order to drop cryptocurrency miners.

    Researchers at Cado Security Labs recently observed one such malware
    campaign, noting that the threat actors use multiple unique and previously unreported payloads, including four Golang binaries, to automatically discover Apache Hadoop YARN, Docker, Confluence and Redis hosts, including Confluence instances vulnerable to CVE-2022-26134, an unauthenticated, remote OGNL injection vulnerability that allows remote code execution.

    This flaw was first discovered two years ago, when threat actors targeted Confluence servers (typically running as the confluence user on Linux installations). At the time, the researchers said internet-facing Confluence servers were at
    very high risk, and urged IT teams to apply the patch immediately. It seems that even now, two years later, not all users have installed the available fixes.

    Unidentified threat

    The tools are also designed to exploit the flaw and drop a cryptocurrency miner, spawn a reverse shell, and enable persistent access to the compromised hosts.
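The campaign described above works by finding management interfaces of these services left reachable from the internet. The following script is an added example (not from the article, Cado Security or any of the named projects): it parses the output of `ss -ltn` and flags listeners for the four services named in the story that are bound to all interfaces. The port numbers are the services' well-known defaults and are an assumption about the deployment; the sample `ss` output is constructed so the script runs offline.

```python
"""Audit listening TCP sockets for exposed Docker, Hadoop YARN, Redis and
Confluence interfaces. Added example; not code from the article or the
projects it names. Ports are assumed defaults; adjust to your deployment."""
from dataclasses import dataclass
import shutil
import subprocess

# Assumption: services listen on their well-known default ports.
WATCHED_PORTS = {
    2375: "Docker Engine API over plain TCP (no TLS, no auth)",
    2376: "Docker Engine API over TLS (verify client-cert auth is enforced)",
    8088: "Hadoop YARN ResourceManager web/REST API",
    6379: "Redis",
    8090: "Confluence (confirm CVE-2022-26134 fix is applied)",
}

# Bind addresses that mean "every interface", in the forms `ss` prints them.
ANY_ADDR = {"0.0.0.0", "*", "[::]", "::"}
LOOPBACK = {"127.0.0.1", "[::1]", "::1"}


@dataclass
class Finding:
    port: int
    bind: str
    service: str
    severity: str


def parse_ss(text: str) -> list[tuple[str, int]]:
    """Return (bind_address, port) pairs from `ss -ltn` output.

    Expected row layout: State Recv-Q Send-Q Local:Port Peer:Port [Process]
    """
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "State":
            continue  # header or blank line
        local = fields[3]
        bind, _, port = local.rpartition(":")  # handles "[::]:8090" and "*:8088"
        if not port.isdigit():
            continue
        sockets.append((bind, int(port)))
    return sockets


def audit(text: str) -> list[Finding]:
    """Classify each watched listener by how widely it is exposed."""
    findings = []
    for bind, port in parse_ss(text):
        if port not in WATCHED_PORTS:
            continue
        if bind in ANY_ADDR:
            severity = "high"      # reachable from every network interface
        elif bind in LOOPBACK:
            severity = "info"      # local only; fine unless proxied elsewhere
        else:
            severity = "medium"    # bound to a specific interface; check firewalling
        findings.append(Finding(port, bind, WATCHED_PORTS[port], severity))
    return findings


# Constructed sample output in `ss -ltn` format (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      4096   127.0.0.1:6379      0.0.0.0:*
LISTEN 0      4096   0.0.0.0:2375        0.0.0.0:*
LISTEN 0      128    *:8088              *:*
LISTEN 0      50     [::]:8090           [::]:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
"""


def main() -> None:
    # Use the live socket table when `ss` is available, else the sample.
    if shutil.which("ss"):
        text = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True).stdout
    else:
        text = SAMPLE_SS_OUTPUT
    for f in audit(text):
        print(f"[{f.severity:6}] port {f.port:<5} bound to {f.bind:<10} {f.service}")


if __name__ == "__main__":
    main()
```

Against the constructed sample the script reports Docker (2375), YARN (8088) and Confluence (8090) as high because they listen on all interfaces, and Redis as informational because it is bound to loopback. A "high" result is a prompt to put the service behind a firewall or VPN, bind it to an internal interface, and enable the service's own authentication, not proof of compromise.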

    Cryptocurrency miners are popular among cybercriminals, as they take
    advantage of the high compute power of a server to generate almost
    untraceable profits.

    One of the most popular crypto-miners out there is called XMRig, a small program that mines the Monero currency. On the victims' side, however, not only
    are their servers rendered unusable, but the miners rack up their electricity bill fairly quickly.

    For now, Cado is unable to attribute the campaign to any specific threat actor, saying it would need the help of law enforcement for that: "As always, it's worth stressing that without the capabilities of governments or law enforcement agencies, attribution is nearly impossible, particularly where shell script payloads are concerned," it said.

    Still, it added that the shell script payloads are similar to ones seen in attacks carried out by TeamTNT and WatchDog.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-new-linux-malware-is-targeting-some-major-victims-docker-apache-hadoop-redis-and-confluence-all-under-attack


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)