Hundreds of SugarCRM Servers Infected with Critical In-The-Wild Exploit

upnorth

Jul 27, 2015
For the past two weeks, hackers have been exploiting a critical vulnerability in the SugarCRM (customer relationship management) system to infect users with malware that gives them full control of their servers.

The vulnerability began as a zero-day when the exploit code was posted online in late December. The person posting the exploit described it as an authentication bypass with remote code execution, meaning an attacker could use it to run malicious code on vulnerable servers with no credentials required. SugarCRM has since published an advisory that confirms that description. The exploit post also included various “dorks,” which are simple web searches people can do to locate vulnerable servers on the Internet.

Mark Ellzey, senior security researcher at network monitoring service Censys, said in an email that as of January 11, the company had detected 354 SugarCRM servers infected using the zero-day. That’s close to 12 percent of the total 3,059 SugarCRM servers Censys detected. As of last week, infections were highest in the US, with 90, followed by Germany, Australia, and France. In an update on Tuesday, Censys said the number of infections hasn’t ticked up much since the original post. SugarCRM’s advisory, published on January 5, made hotfixes available and said they had already been applied to its cloud-based service. It also advised users with instances running outside of SugarCloud or SugarCRM-managed hosting to install the hotfixes. The advisory said that the vulnerability affected the Sugar Sell, Serve, Enterprise, Professional, and Ultimate software solutions. It didn’t impact the Sugar Market software.

Both the Censys and SugarCRM advisories provide indicators of compromise that SugarCRM customers can use to determine if they’ve been targeted. Users of vulnerable products should investigate and install the hotfixes as soon as possible.