RubyMiner malware plants XMRig on vulnerable systems. Security researchers have discovered malware aimed at Linux and Windows servers that uses them to mine cryptocurrency.
According to researchers at Check Point, attackers have used malware called RubyMiner to infect systems with a cryptocurrency miner called XMRig.
Researchers said in a blog post that over a 24-hour period last week, hackers attempted to compromise 30 percent of networks worldwide to find vulnerable web servers and recruit them into their mining pool. They said that the top targeted countries are the United States, Germany, United Kingdom, Norway and Sweden, though no country has gone unscathed.
Security firm Certego also noticed a huge spike in attacks. It said in a blog post that the exploit has been trying to leverage a fairly old vulnerability (CVE-2013-0156) that allows remote code execution.
According to Check Point, the attacker attempts to use multiple web server vulnerabilities to inject the malicious code onto the vulnerable machines. “Among the targeted servers we found attacks on PHP, Microsoft IIS, and Ruby on Rails,” they said.
Check Point researchers said that the hacker also made use of known vulnerabilities within Ruby on Rails and Microsoft IIS. The Ruby on Rails base64 encoded attack vector exploits CVE-2013-0156.
The attacker sends a base64 encoded payload inside a POST request in the hope that the ruby interpreter configured on the server will execute it.
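As an added defensive example (not code from Check Point, Certego or this article): a small Python scanner that flags POST requests carrying the CVE-2013-0156 request pattern, including when the XML is hidden inside a base64-encoded body, run over constructed sample requests. The indicator patterns mirror the public Rails advisory and the sample traffic is invented for illustration; both are assumptions, not captured data.

```python
import base64
import binascii
import re
from dataclasses import dataclass

# Heuristic indicators for CVE-2013-0156-style requests: an XML parameter
# document that asks Rails to deserialise a value as YAML or Symbol, or a
# Ruby object tag. Assumption: these mirror the public advisory and are
# illustrative, not a complete IDS rule set.
XML_TYPE_RE = re.compile(r'type\s*=\s*["\'](?:yaml|symbol)["\']', re.I)
RUBY_TAG_RE = re.compile(r'!ruby/(?:object|hash|struct)', re.I)
B64_RE = re.compile(r'[A-Za-z0-9+/]{40,}={0,2}')

@dataclass
class Request:
    method: str
    path: str
    content_type: str
    body: str

def decoded_blobs(text: str):
    """Yield the decoded form of every base64-looking run in text."""
    for m in B64_RE.finditer(text):
        try:
            yield base64.b64decode(m.group(0), validate=True).decode("latin-1")
        except (binascii.Error, ValueError):
            continue  # not valid base64, skip it

def classify(req: Request) -> list:
    """Return the reasons this request looks like a CVE-2013-0156 probe."""
    reasons = []
    if req.method.upper() != "POST":
        return reasons
    # Inspect the raw body and every base64 blob it contains.
    views = [req.body] + list(decoded_blobs(req.body))
    for i, text in enumerate(views):
        where = "body" if i == 0 else "base64 blob"
        if XML_TYPE_RE.search(text):
            reasons.append(f"xml type=yaml/symbol in {where}")
        if RUBY_TAG_RE.search(text):
            reasons.append(f"ruby object tag in {where}")
    if "xml" in req.content_type.lower() and reasons:
        reasons.append("xml content-type")
    return reasons

# Constructed sample traffic (not captured data).
SAMPLES = [
    Request("POST", "/login", "application/json", '{"user":"alice"}'),
    Request("POST", "/users", "application/xml",
            '<user><name type="yaml">--- foo</name></user>'),
    Request("POST", "/api", "text/plain", "data=" +
            base64.b64encode(b'<a type="yaml">!ruby/hash:X {}</a>').decode()),
]

def scan(requests=SAMPLES) -> dict:
    """Map each suspicious request path to its list of reasons."""
    return {r.path: classify(r) for r in requests if classify(r)}
```

Plugging this into a WAF or log pipeline means feeding it real request records in place of `SAMPLES`; the base64 pass is what catches the encoded variant the article describes.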