Security experts say the critical Apache Struts vulnerability discovered last week is being actively exploited to covertly install a popular cryptocurrency miner on victims' systems.
Experts at Volexity reported earlier this week that they noticed suspicious activity shortly after a working proof-of-concept exploit for the vulnerability was made public.
Volexity concludes that the attacks seen so far "in the wild" use code taken directly from the publicly released proof-of-concept. The underlying flaw is that Apache Struts improperly validates the namespace in incoming data, which makes it easy to exploit.
On August 27, 2018, Volexity discovered at least one piece of malware attempting to exploit CVE-2018-11776 en masse to install the CNRig cryptocurrency miner from a BitBucket repository. The scans initially detected came from Russian and French IP addresses, 95.161.225.94 and 167.114.171.27.
The CVSS 10.0 vulnerability was revealed last week, with experts urging administrators to install patches to protect their systems as soon as possible. The Apache Software Foundation strongly recommends updating your software to Struts 2.3.35 or Struts 2.5.17.
Organizations that fail to install an update or patch quickly enough may be at even greater risk, as the vulnerability itself allows remote code execution and theoretically allows attackers to gain full access to the target system.
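An added example, not code from the article, Volexity or the Apache project: a Python audit that classifies Struts core jars against the two fixed releases named above. The sample paths are constructed, and it assumes jars keep the default struts2-core-<version>.jar file name.

```python
import re
from pathlib import PurePosixPath

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(2, 3): (2, 3, 35), (2, 5): (2, 5, 17)}

# Assumption: the jar keeps its default Maven-style file name.
JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)+)\.jar$")


def parse_version(jar_path):
    """Return the version as a tuple of ints, or None if the name has none."""
    m = JAR_RE.match(PurePosixPath(jar_path).name)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad "2.5" to (2, 5, 0)


def classify(jar_path):
    """Return 'patched', 'vulnerable', 'review' or 'unknown' for one jar."""
    version = parse_version(jar_path)
    if version is None:
        return "unknown"  # renamed or repackaged jar: inspect its manifest
    fixed = FIXED.get(version[:2])
    if fixed is not None:
        return "patched" if version >= fixed else "vulnerable"
    # Branch with no fixed release named in the article: anything released
    # after 2.5.17 is newer than the fix, older branches need manual review.
    return "patched" if version > max(FIXED.values()) else "review"


def audit(paths):
    """Classify every struts2-core jar found in an iterable of file paths."""
    return [(p, classify(p)) for p in paths
            if PurePosixPath(p).name.startswith("struts2-core")]


# Constructed sample inventory, e.g. the output of a file-system search.
SAMPLE = [
    "/opt/tomcat/webapps/shop/WEB-INF/lib/struts2-core-2.3.34.jar",
    "/opt/tomcat/webapps/hr/WEB-INF/lib/struts2-core-2.5.17.jar",
    "/srv/legacy/lib/struts2-core-2.1.8.1.jar",
    "/srv/legacy/lib/commons-io-2.6.jar",
]

if __name__ == "__main__":
    for path, status in audit(SAMPLE):
        print(f"{status:10} {path}")
```

Jars bundled inside WAR or EAR archives are not visible to a plain file listing and have to be unpacked or listed first.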
Recorded Future reported that it had found references to the use of this vulnerability on a number of Chinese and Russian hacker forums, while Volexity claimed that it had "observed several APT groups using Apache Struts vulnerabilities to access targeted networks."
Trend Micro released its half-year report this week, revealing that detections of cryptocurrency miners in the first half of 2017 have skyrocketed by 956% compared to the first half of this year.
According to InfoSecurity
