Critical vulnerability in Apache Struts opened the door to gray miners

Security experts say the critical Apache Struts vulnerability, discovered last week, is being actively exploited to maliciously install a popular hidden cryptocurrency miner on a victim's system.

Experts at Volexity reported earlier this week that they noticed suspicious activity shortly after a working proof-of-concept exploit for the vulnerability was made public.

Volexity concludes that the attacks seen so far "in the wild" use code taken directly from the publicly released proof-of-concept. In this case, Apache Struts is vulnerable because it improperly validates the namespace of incoming data, a flaw that is easy to exploit.

On August 27, 2018, Volexity discovered at least one piece of malware attempting to exploit CVE-2018-11776 en masse to install the CNRig cryptocurrency miner from a BitBucket repository. The scans initially detected came from Russian and French IP addresses 95.161.225.94 and 167.114.171.27.

The CVSS 10.0 vulnerability was revealed last week, with experts urging administrators to install patches to protect their systems as soon as possible. The Apache Software Foundation strongly recommends updating your software to Struts 2.3.35 or Struts 2.5.17.

Organizations that fail to install an update or patch quickly enough may be at even greater risk, as the vulnerability itself allows remote code execution and theoretically allows attackers to gain full access to the target system.

Recorded Future reported that it had found references to the use of this vulnerability on a number of Chinese and Russian hacker forums, while Volexity claimed that it had "observed several APT groups using Apache Struts vulnerabilities to access targeted networks."

Trend Micro released its half-year report this week, revealing that detections of cryptocurrency miners in the first half of 2017 have skyrocketed by 956% compared to the first half of this year.

According to InfoSecurity
