Network attacks exploiting a recently patched Drupal vulnerability are attempting to drop Monero mining malware onto vulnerable systems, Trend Micro reports.
Tracked as CVE-2018-7602 and considered a highly critical issue that could result in remote code execution, the vulnerability impacts Drupal’s versions 7 and 8 and
was addressed in April this year.
The flaw is dubbed Drupalgeddon3 and the patch for it only works if the fix for the original
Drupalgeddon2 vulnerability (CVE-2018-7600) has been applied.
Last month,
hackers were observed targeting both security vulnerabilities to deliver a variety of threats, including cryptocurrency miners, remote administration tools (RATs) and tech support scams.
Trend Micro now
says they noticed network attacks exploiting CVE-2018-7602 to turn affected systems into Monero-mining bots. As part of the observed incidents, the exploit fetches a shell script that retrieves an Executable and Linkable Format-based (ELF) downloader.
[...]
Hackers Exploit Drupal Flaw for Monero Mining | SecurityWeek.Com
