Security experts say the critical Apache Struts vulnerability, discovered last week, is being actively exploited to covertly install a popular cryptocurrency miner on victims' systems.
Experts at Volexity reported earlier this week that they noticed suspicious activity shortly after a working proof-of-concept exploit for the vulnerability was made public.
Volexity concludes that the attacks seen so far "in the wild" use code taken directly from the publicly released proof-of-concept. In this case, Apache Struts fails to properly validate the namespace in incoming data, a flaw that is easy to exploit.
On August 27, 2018, Volexity discovered at least one piece of malware attempting to exploit CVE-2018-11776 en masse to install the CNRig cryptocurrency miner from a BitBucket repository. The scans initially detected came from Russian and French IP addresses 95.161.225.94 and 167.114.171.27.
The CVSS 10.0 vulnerability was revealed last week, with experts urging administrators to install patches to protect their systems as soon as possible. The Apache Software Foundation strongly recommends updating your software to Struts 2.3.35 or Struts 2.5.17.
Organizations that fail to install an update or patch quickly enough may be at even greater risk, as the vulnerability itself allows remote code execution and theoretically allows attackers to gain full access to the target system.
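An added example, not from the article or from Apache: a Python inventory check that finds Struts core jars under a directory, including inside WAR archives, and compares each version with the fixed releases named above. It assumes the jar keeps its Maven file name `struts2-core-<version>.jar`; branches other than 2.3 and 2.5 are marked for manual review because the article lists no fixed release for them.

```python
import re
import sys
import zipfile
from pathlib import Path

# Fixed releases named in the article, keyed by release branch.
FIXED = {(2, 3): (2, 3, 35), (2, 5): (2, 5, 17)}

# Assumption: the core jar keeps its Maven file name, e.g. struts2-core-2.5.16.jar.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)+)\.jar$")


def classify(version_text):
    """Return 'patched', 'needs-update' or 'review' for a dotted version string."""
    version = tuple(int(part) for part in version_text.split("."))
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "review"  # the article names no fixed release for this branch
    return "patched" if version >= fixed else "needs-update"


def candidate_names(path):
    """The file's own name, plus the entry names when it is a WAR archive."""
    names = [path.name]
    if path.suffix == ".war" and zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as war:
            names += war.namelist()
    return names


def scan(root):
    """List (location, version, status) for every Struts core jar under root."""
    findings = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        for name in candidate_names(path):
            match = JAR_RE.search(name)
            if match:
                version = match.group(1)
                findings.append((str(path), version, classify(version)))
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for location, version, status in scan(root):
        print(f"{status:13} {version:10} {location}")
```

Jars that were renamed, shaded into another archive, or nested more than one archive deep are not found by file name and need a separate check.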
Recorded Future reported that it had found references to the use of this vulnerability on a number of Chinese and Russian hacker forums, while Volexity claimed that it had "observed several APT groups using Apache Struts vulnerabilities to access targeted networks."
Trend Micro released its half-year report this week, revealing that detections of cryptocurrency miners in the first half of 2017 have skyrocketed by 956% compared to the first half of this year.
According to InfoSecurity
