Malware News Hackers Infect Linux Servers With Monero Miner via 5-Year-Old Vulnerability

Faybert

Faybert

Level 24
Thread author
Verified
Top Poster
Well-known
Jan 8, 2017
1,318
A hacker group has made nearly $75,000 by installing a Monero miner on Linux servers after exploiting a five-year-old vulnerability in the Cacti "Network Weathermap" plugin.

Experts from US security firm Trend Micro said they found evidence connecting these attacks to past attacks on Jenkins servers —during which a hacker group made around $3 million installing a Moner miner on Jenkins installations by exploiting the CVE-2017-1000353 vulnerability.

This time around, attackers leveraged CVE-2013-2618, a vulnerability in Cacti, a PHP-based open-source network monitoring and graphing tool, and more specifically in its Network Weathermap plugin, responsible for visualizing network activity.

Just like in the previous attacks, hackers exploited the flaw to gain code execution ability on the underlying servers, where they downloaded and installed a customized version of XMRig, a legitimate Monero mining software.
.....
.....
.....
Click to expand...
 
  • Like
Reactions: Mariihh, harlan4096, silversurfer and 7 others
Mahesh Sudula

Mahesh Sudula

Level 17
Verified
Top Poster
Well-known
Sep 3, 2017
818
This further support my findings that linux can be penetrated and even get damaged by malware execution.Its rather a misconception that Yes i have installed linux on my sys and iam completely safe...:D...Every OS can be penetrated if an USER wants to penetrate it..rather if he wants to be safe he should apply it from his side than expecting from a Kernel /Software.
3-5 yrs from now Linux soon to become a Windows ...as the malcoders are working on it:cool:
Thanks to LINUS TRAVOLDS for developing such an exciting Kernel.
Great share (y) @Faybert
 
  • Like
Reactions: upnorth, harlan4096 and frogboy
A

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
The vulnerability was not Linux but the plugin: "five-year-old vulnerability in the Cacti "Network Weathermap" plugin". It doesn't matter if a Windows or Linux gets infected as long as it is the fault of a plugin or software! I could get upset about theese news pages every day. The title should have been "5-Year-Old Vulnerability in Network Weathermap plugin". But doesn't bring so many clicks :/

@Mahesh Sudula Linux will never be that vulnerable to viruses if you choose the right distro. Debian is very stable and secure and Qubes OS even untouchable.
 
  • Like
Reactions: upnorth and ZeroDay
Mahesh Sudula

Mahesh Sudula

Level 17
Verified
Top Poster
Well-known
Sep 3, 2017
818
askalan said:
The vulnerability was not Linux but the plugin: "five-year-old vulnerability in the Cacti "Network Weathermap" plugin". It doesn't matter if a Windows or Linux gets infected as long as it is the fault of a plugin or software! I could get upset about theese news pages every day. The title should have been "5-Year-Old Vulnerability in Network Weathermap plugin". But doesn't bring so many clicks :/

@Mahesh Sudula Linux will never be that vulnerable to viruses if you choose the right distro. Debian is very stable and secure and Qubes OS even untouchable.
Click to expand...
I agree with u..but the thing is SAFETY should be applied from user end then after from an OS / Kernel...
I can penetrate Linux through Firewall directly with Wireshark along with Nmap for port scanning..it's so simple...
Execution in LINUX is damn tough which I agree but see that from all the corners...
Though Superuser holds the rwx(read write execute) rights...but still I can penetrate it through FW with the Process Injection samples...
Remember :- Linux doesn't protect it's critical system files/processes from getting overwritten by an unknown external malicious code..since it's same when it comes to SELF PROTECTION like windows.
Hope u got my idea behind it@askalan
At least we learn things deeply when we discuss and fight:);)
 
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
    • Applause
New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner
Replies
0
Views
598
News Archive
silversurfer
silversurfer
silversurfer
    • Like
    • +Reputation
New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems
Replies
0
Views
1,154
News Archive
silversurfer
silversurfer
silversurfer
    • Like
    • +Reputation
Hackers backdoor Windows devices in Sliver and BYOVD attacks
Replies
0
Views
574
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top