Security researchers have detected a new wave of cryptocurrency-mining malware infecting servers across the web, and this one is using multiple exploits to gain access to vulnerable and unpatched systems to install a Monero miner.
Experts from AlienVault say this new campaign, which they dubbed MassMiner, uses exploits for vulnerabilities such as CVE-2017-10271 (Oracle WebLogic), CVE-2017-0143 (Windows SMB), and CVE-2017-5638 (Apache Struts).
MassMiner campaign uses famous exploits
The MassMiner crew sure has excellent taste when it comes to exploits. All of the above are well-known and highly efficient vulnerabilities.
CVE-2017-10271 has been under active exploitation since last year, and at least one gang made a killing with it, racking up over $226,000 from covert cryptocurrency mining operations. The vulnerability is still one of the most actively targeted server flaws, even today.