Companies with Oracle WebLogic must be careful; cryptomining malware affects servers

A group of web application security experts from Trend Micro has detected a hacking campaign against Oracle WebLogic Server implementations that installs malicious cryptocurrency mining software. The attackers exploit a vulnerability to install the miner while evading detection by system administrators.

The National Vulnerability Database (NVD) published the security alert last April regarding a severe flaw in the Oracle Fusion Middleware WebLogic Server component, tracked as CVE-2019-2725. If exploited, this flaw would allow threat actors with network access via HTTP to compromise the server.

The most recent reports indicate that the flaw is more serious than initially thought, since exploitation in the wild has been observed installing mining software and extracting cryptocurrency on the attacked systems, the web application security experts reported.

Attackers exploit the vulnerability with malware that forces the system to download a certificate file and save it in a specific location (specialists detect this file as Coinminer.Win32.MALXMR.TIAOODCJ.Component). In appearance this is a software certificate, but the miner is actually embedded in the file: the certificate is responsible for downloading and executing files related to the payload of the XMR mining software.
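A defender can check whether a file that presents itself as a certificate really is one. The Python below is an added example, not code from Trend Micro or from this article; it assumes the smuggled payload either replaces the DER certificate inside the PEM block or is appended after it, and the sample files it inspects are constructed.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
EXEC_MAGIC = (b"MZ", b"\x7fELF")  # PE and ELF executable headers

def der_length_ok(blob: bytes) -> bool:
    """True if blob is a single DER SEQUENCE whose declared length matches
    the data, which is the outer shape of every X.509 certificate."""
    if len(blob) < 2 or blob[0] != 0x30:
        return False
    first = blob[1]
    if first < 0x80:                      # short-form length
        hdr, length = 2, first
    else:                                 # long-form length, 1-4 bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(blob) < 2 + n:
            return False
        hdr = 2 + n
        length = int.from_bytes(blob[2:hdr], "big")
    return hdr + length == len(blob)

def inspect_cert_file(data: bytes) -> dict:
    """Flag PEM 'certificates' whose body is not DER, decodes to an
    executable, or is followed by data that does not belong to a PEM file."""
    text = data.decode("latin-1")
    findings, blocks, consumed = [], 0, 0
    for m in PEM_RE.finditer(text):
        blocks += 1
        label, body = m.group(1), m.group(2)
        try:
            raw = base64.b64decode(re.sub(r"\s+", "", body), validate=True)
        except ValueError:
            findings.append(f"{label}: body is not valid base64")
            continue
        if raw.startswith(EXEC_MAGIC):
            findings.append(f"{label}: decoded body is an executable")
        elif label == "CERTIFICATE" and not der_length_ok(raw):
            findings.append(f"{label}: decoded body is not a DER certificate")
        consumed = m.end()
    if blocks == 0:
        findings.append("no PEM block found")
    if text[consumed:].strip():           # anything after the last END line
        findings.append("non-PEM data after last block")
    return {"blocks": blocks, "suspicious": bool(findings), "findings": findings}

def make_pem(label: str, raw: bytes) -> bytes:
    """Wrap raw bytes in a PEM block (helper for the constructed samples)."""
    return f"-----BEGIN {label}-----\n{base64.encodebytes(raw).decode()}-----END {label}-----\n".encode()

# Constructed samples: a minimal DER SEQUENCE standing in for a real cert,
# a PE header hidden inside a "certificate", and a cert with data appended.
BENIGN = make_pem("CERTIFICATE", b"\x30\x03\x02\x01\x05")
SMUGGLED = make_pem("CERTIFICATE", b"MZ\x90\x00" + b"\x00" * 60)
APPENDED = BENIGN + b"constructed-appended-payload\n"
```

On real files the DER check only validates the outer SEQUENCE, so pair it with a full parse (for example `openssl x509 -noout`) before trusting a file that passes.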

Web application security experts mentioned that it is not yet known exactly how many systems have been affected by the exploitation of this vulnerability, nor how many Oracle implementations are still mining Monero for the attackers without their operators knowing it.

According to specialists from the International Institute of Cyber Security (IICS), this malicious campaign has shown how easy it is for hackers to use certificate files to inject malicious software while evading protection measures.

To make the situation a little worse, experts predict that the disclosure of this vulnerability will serve as a catalyst for multiple cryptojacking campaigns using seemingly harmless certificate files, a situation that would affect not only the administrators of Oracle implementations but also those of other database management systems.
