Hackers are Using a 5-Year-Old Vulnerability to Mine Monero

Posted on March 27, 2018 at 8:39 PM

Hackers are Using a 5-Year-Old Vulnerability to Mine Monero

The flaw affects Linux servers and has seen $3 million in cryptocurrency mined since it started. The flaw has a ready made patch but it has not been used for the past five years.

One security flaw that is at least 5 years on the market is now being used as a crypto mining malware. The security vulnerability is now being used to compromise Linux servers with the software for better cryptocurrency mining. The hackers are exploiting the CVE-2013-2618 vulnerability in their campaign. The miner is known to be an alteration of the XMRig tool, one of the tools used to mine Monero, legitimately.

How old is the flaw?

The flaw was discovered back in April 2013 in the plugin run by the Cacti Weathermap network. The open source tool was being used to check for network activity by various network admins. Researchers at the security firm, Trend Micro, discovered the new problem. They also noted that the issue was ongoing with the campaign being regarded as still active.

The campaign is primarily targeting the Linux web servers of the x86-64 type. These servers are publicly available, which is key for the hackers. The hackers are also not limiting their attack to any place in particular. They have decided to target all the web servers across the globe with their top targets being Japan, the US, China and Taiwan.

The researchers noted that this flaw was being used by the nefarious actors to inject the HTML and JavaScript software. The hackers inject these into the title of the network editor maps. On top of that, the flaw can also be used to affect many web servers with the suspicious PHP code.

Thankfully, there has been a patch for this flaw made available for five years now. However, hackers still use it to mine their cryptocurrencies. It is astounding to know that the patch has not been used even though it has been made readily available.

How does it work?

The exploit is being used to initiate a request through which people can view the code on the web server. The code then allows the cyber attackers to change and alter the code. In this way, they can now be able to install the crypto miner on the device. This same procedure is being repeatedly done after every three minutes to ensure no one has inadvertently stopped the mining process by shutting down the system.

The XMRig tool is also used in a way that allows it to stop being detected. Hackers can also change the processing power of the CPU and make it look like everything is normal. The researchers also discovered the markets that the miners are using. One of the hackers received 320 Monero, which roughly changes to $70,000. However, this is thought of as nothing but a drop in a barrel as the hackers are believed to have grossed at least $3 million.

Users can make their computer cryptocurrency foolproof by having their systems patched regularly. Trend Micro researchers noted in their report that the data from the Cacti servers should be left internal.

Summary
Hackers are Using a 5-Year-Old Vulnerability to Mine Monero
Article Name
Hackers are Using a 5-Year-Old Vulnerability to Mine Monero
Description
One security flaw that is at least 5 years on the market is now being used as a crypto mining malware. The security vulnerability is now being used to compromise Linux servers with the software for better cryptocurrency mining.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Newsletter

Get the latest stories straight
into your inbox!

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading