Hackers Exploiting 5-year-old Flaw To Turn Linux Machines Into Cryptomining Bots


In-browser mining services like CoinHive give website owners an easy way to hijack your CPU cycles and print free money. Cybercriminals are also using new techniques to inject miners into computers and turn them into cryptomining machines. Just last month, we even told you about the first Firefox extension that was found to be engaged in similar activity.

Security firm Trend Micro has recently published a finding that details new mining attempts, which were found to be related to the JenkinsMiner malware.

This campaign is currently active, and it targets Linux servers by exploiting a 5-year-old security flaw. It’s worth noting that a patch for the flaw (CVE-2013-2618) is available.

The flaw is a cross-site scripting (XSS) vulnerability in editor.php in the Cacti Network Weathermap tool, which sysadmins use to visualize network activity.

The countries most affected by this campaign are Japan, Taiwan, China, United States, India, South Korea, Malaysia, Turkey, and Brazil.

As you can see in the graph below, the campaign peaked in February and isn’t showing any signs of slowing down this month. As of March 21, the hackers have earned about 320 XMR or about $74,677.

Image: Trend Micro

The final payload used in the attack is a modified version of XMRig, a legitimate, open source XMR miner. The version being used hides the command-line display and renders the configuration or parameters unnecessary.

As is apparent, the most basic thing that can easily protect your Linux machines is keeping them updated and installing the latest patches. Go ahead, make it a habit!

Adarsh Verma