After getting pounded with ransomware and malware for deploying distributed denial-of-service (DDoS) attacks, unpatched Confluence servers are now being compromised to mine cryptocurrency.
On March 20, Atlassian released patches for two critical-severity vulnerabilities affecting Confluence Server and Confluence Data Center. One of them, CVE-2019-3396, is a server-side template injection in the Widget Connector that can lead to remote code execution.
Three weeks later, cybercriminals created the first exploit for this security bug and started hitting vulnerable Confluence servers. Troy Mursch of the security company Bad Packets noticed exploitation activity from an IP address in Romania, dropping the Dofloo DDoS malware.