Hackers Exploiting 5-year-old Flaw To Turn Linux Machines Into Cryptomining Bots

With the help of in-browser mining services like CoinHive, website owners have an easy way to hijack your CPU cycles and print free money. Cybercriminals are also using new techniques to inject miners into computers and turn them into cryptomining machines. Just last month, we even told you about the first Firefox extension found to be engaged in similar activity.

The well-known security firm Trend Micro has recently published findings detailing new mining attempts, which were found to be related to the JenkinsMiner malware.

This campaign is currently active and targets Linux servers by exploiting a 5-year-old security flaw. It’s worth noting that a patch for the flaw (CVE-2013-2618) is available.

The flaw is a cross-site scripting (XSS) vulnerability in editor.php in the Cacti Network Weathermap tool, which sysadmins use to visualize network activity.

The countries most affected by this campaign are Japan, Taiwan, China, the United States, India, South Korea, Malaysia, Turkey, and Brazil.

As you can see in the graph below, the campaign peaked in February and isn’t showing any signs of slowing down this month. As of March 21, the hackers have earned about 320 XMR or about $74,677.


Image: Trend Micro

The final payload being used in the attack is a modified version of XMRig miner, which is a legitimate and open source XMR miner. The version being used hides the command-line display and renders the configuration or parameters unnecessary.

As is apparent, the most basic thing that can protect your Linux machines is keeping them updated and installing the latest patches. Go ahead, make it a habit!
