Posted on March 27, 2018 at 8:39 PM
Hackers are Using a 5-Year-Old Vulnerability to Mine Monero
The flaw affects Linux servers and has seen $3 million in cryptocurrency mined since it started. The flaw has a ready made patch but it has not been used for the past five years.
One security flaw that is at least 5 years on the market is now being used as a crypto mining malware. The security vulnerability is now being used to compromise Linux servers with the software for better cryptocurrency mining. The hackers are exploiting the CVE-2013-2618 vulnerability in their campaign. The miner is known to be an alteration of the XMRig tool, one of the tools used to mine Monero, legitimately.
How old is the flaw?
The flaw was discovered back in April 2013 in the plugin run by the Cacti Weathermap network. The open source tool was being used to check for network activity by various network admins. Researchers at the security firm, Trend Micro, discovered the new problem. They also noted that the issue was ongoing with the campaign being regarded as still active.
The campaign is primarily targeting the Linux web servers of the x86-64 type. These servers are publicly available, which is key for the hackers. The hackers are also not limiting their attack to any place in particular. They have decided to target all the web servers across the globe with their top targets being Japan, the US, China and Taiwan.
Thankfully, there has been a patch for this flaw made available for five years now. However, hackers still use it to mine their cryptocurrencies. It is astounding to know that the patch has not been used even though it has been made readily available.
How does it work?
The exploit is being used to initiate a request through which people can view the code on the web server. The code then allows the cyber attackers to change and alter the code. In this way, they can now be able to install the crypto miner on the device. This same procedure is being repeatedly done after every three minutes to ensure no one has inadvertently stopped the mining process by shutting down the system.
The XMRig tool is also used in a way that allows it to stop being detected. Hackers can also change the processing power of the CPU and make it look like everything is normal. The researchers also discovered the markets that the miners are using. One of the hackers received 320 Monero, which roughly changes to $70,000. However, this is thought of as nothing but a drop in a barrel as the hackers are believed to have grossed at least $3 million.
Users can make their computer cryptocurrency foolproof by having their systems patched regularly. Trend Micro researchers noted in their report that the data from the Cacti servers should be left internal.