Critical vulnerability in Apache Struts opened the door to gray miners

Security experts say the critical Apache Struts vulnerability, discovered last week, is being actively exploited to maliciously install a popular hidden cryptocurrency miner on a victim's system.

Experts at Volexity reported earlier this week that they noticed suspicious activity shortly after a working proof-of-concept exploit for the vulnerability was made public.

Volexity concludes that the attacks seen so far "in the wild" use code taken directly from the publicly released proof-of-concept. The underlying flaw is that Apache Struts improperly validates the namespace of incoming data, which makes it easy to exploit.

On August 27, 2018, Volexity discovered at least one piece of malware attempting to exploit CVE-2018-11776 en masse to install the CNRig cryptocurrency miner from a BitBucket repository. The scans initially detected came from the Russian and French IP addresses 95.161.225.94 and 167.114.171.27.

The CVSS 10.0 vulnerability was revealed last week, with experts urging administrators to install patches to protect their systems as soon as possible. The Apache Software Foundation strongly recommends updating your software to Struts 2.3.35 or Struts 2.5.17.

Organizations that fail to install an update or patch quickly enough may be at even greater risk, as the vulnerability itself allows remote code execution and theoretically allows attackers to gain full access to the target system.
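To find deployments still below the fixed releases named above, the following added example (not code from Volexity, Apache or the original article) classifies Struts core jars in a file inventory by the version in their file name. It assumes the jars keep the Maven file name `struts2-core-<version>.jar`; the inventory paths are constructed sample data.

```python
import re

# Fixed releases named in the article, keyed by release branch (major, minor).
FIXED = {(2, 3): (2, 3, 35), (2, 5): (2, 5, 17)}

# Assumption: jars keep the Maven file name struts2-core-<version>.jar.
JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+){1,3})\.jar$")


def parse_version(jar_path):
    """Return the version tuple from a struts2-core jar name, or None."""
    name = re.split(r"[\\/]", jar_path)[-1]  # accept POSIX and Windows paths
    match = JAR_RE.match(name)
    if match is None:
        return None
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad 2.5 to (2, 5, 0)


def classify(jar_path):
    """Return 'patched', 'needs-update', 'review-manually' or 'not-struts'."""
    version = parse_version(jar_path)
    if version is None:
        return "not-struts"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # The article names no fixed release for this branch.
        return "review-manually"
    return "patched" if version >= fixed else "needs-update"


def audit(jar_paths):
    """Return the paths that are not confirmed patched, with their status."""
    findings = {}
    for path in jar_paths:
        status = classify(path)
        if status in ("needs-update", "review-manually"):
            findings[path] = status
    return findings


# Constructed inventory, e.g. the output of a recursive search for *.jar files.
SAMPLE_INVENTORY = [
    "/opt/tomcat/webapps/shop/WEB-INF/lib/struts2-core-2.5.16.jar",
    "/opt/tomcat/webapps/hr/WEB-INF/lib/struts2-core-2.3.35.jar",
    "C:\\apps\\legacy\\lib\\struts2-core-2.1.8.jar",
    "/opt/tomcat/webapps/shop/WEB-INF/lib/commons-io-2.5.jar",
]

if __name__ == "__main__":
    for path, status in audit(SAMPLE_INVENTORY).items():
        print(f"{status:16} {path}")
```

A file name only reflects what was deployed under that name, so jars bundled inside WAR or fat-jar archives, or renamed copies, need a separate check.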

Recorded Future reported that it had found references to the use of this vulnerability on a number of Chinese and Russian hacker forums, while Volexity claimed that it had "observed several APT groups using Apache Struts vulnerabilities to access targeted networks."

Trend Micro released its half-year report this week, revealing that detections of cryptocurrency miners in the first half of 2017 have skyrocketed by 956% compared to the first half of this year.

According to InfoSecurity
