HackRead
  • March 8th, 2021

Five year old vulnerability used for Monero mining on Linux servers

March 24th, 2018 | Waqas | Malware, Security

A security vulnerability that is nearly five years old has become a favorite tool of hackers, who are using it to infect Linux servers with cryptomining malware. The vulnerability exploited in this cryptojacking campaign is tracked as CVE-2013-2618. The miner is an altered version of XMRig, a legitimate, open-source Monero miner.

The flaw was identified in April 2013 in Cacti’s Network Weathermap plug-in, an open-source tool that network admins use to visually evaluate network activity. Trend Micro researchers identified the malicious new use of the vulnerability, and they say the campaign is still active.

The key targets of this campaign are publicly accessible x86-64 Linux web servers. The attack is not limited to any single destination, since web servers across the globe are being targeted; Japan, China, Taiwan and the US are identified as the top targets.

According to researchers, hackers use this vulnerability to inject HTML and JavaScript into the title of the network editor maps. The same vulnerability can also be used to infect a web server with malicious PHP code.


A patch for this vulnerability has been available for about five years; however, even today cybercriminals are able to use the flaw to mine cryptocurrency. It is indeed surprising that such an important flaw has gone unpatched for years despite the availability of the patch.


The exploit is used to initiate a request to view the code on the web server; the vulnerability then allows attackers to modify that code to install a crypto-miner on the machine. The same procedure is repeated every three minutes to make sure the server restarts the mining process in case someone shuts down the system.
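The three-minute repetition described above is a detection opportunity. The following is an added example, not code from the article or from Trend Micro: it flags clients whose requests to one path recur on a fixed interval, assuming the repeated requests come from one source address and reach the web server's access log. The log lines, addresses and paths are constructed placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed access-log lines (common log format). Addresses are from
# documentation ranges and every path is a placeholder, not a value from the report.
SAMPLE_LOG = """\
203.0.113.7 - - [24/Mar/2018:10:00:02 +0000] "POST /cacti/PLACEHOLDER-plugin-path HTTP/1.1" 200 512
192.0.2.10 - - [24/Mar/2018:10:00:00 +0000] "GET /cacti/PLACEHOLDER-status HTTP/1.1" 200 88
198.51.100.4 - - [24/Mar/2018:10:01:10 +0000] "GET /cacti/PLACEHOLDER-graphs HTTP/1.1" 200 9001
198.51.100.4 - - [24/Mar/2018:10:01:40 +0000] "GET /cacti/PLACEHOLDER-graphs HTTP/1.1" 200 9001
203.0.113.7 - - [24/Mar/2018:10:03:01 +0000] "POST /cacti/PLACEHOLDER-plugin-path HTTP/1.1" 200 512
192.0.2.10 - - [24/Mar/2018:10:05:00 +0000] "GET /cacti/PLACEHOLDER-status HTTP/1.1" 200 88
203.0.113.7 - - [24/Mar/2018:10:06:03 +0000] "POST /cacti/PLACEHOLDER-plugin-path HTTP/1.1" 200 512
198.51.100.4 - - [24/Mar/2018:10:07:15 +0000] "GET /cacti/PLACEHOLDER-graphs HTTP/1.1" 200 9001
203.0.113.7 - - [24/Mar/2018:10:09:02 +0000] "POST /cacti/PLACEHOLDER-plugin-path HTTP/1.1" 200 512
192.0.2.10 - - [24/Mar/2018:10:10:00 +0000] "GET /cacti/PLACEHOLDER-status HTTP/1.1" 200 88
203.0.113.7 - - [24/Mar/2018:10:12:01 +0000] "POST /cacti/PLACEHOLDER-plugin-path HTTP/1.1" 200 512
192.0.2.10 - - [24/Mar/2018:10:15:00 +0000] "GET /cacti/PLACEHOLDER-status HTTP/1.1" 200 88
198.51.100.4 - - [24/Mar/2018:10:20:00 +0000] "GET /cacti/PLACEHOLDER-graphs HTTP/1.1" 200 9001
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def periodic_requests(lines, period=180, tolerance=15, min_hits=4):
    """Flag (client, method, path) groups whose requests recur every `period` seconds."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, stamp, method, target = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        seen[(ip, method, target.split("?", 1)[0])].append(when)
    findings = []
    for (ip, method, path), times in seen.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        on_beat = sum(abs(g - period) <= tolerance for g in gaps)
        if on_beat >= 0.8 * len(gaps):  # tolerate an occasional missed beat
            findings.append((ip, method, path, len(times), median(gaps)))
    return sorted(findings)

if __name__ == "__main__":
    for hit in periodic_requests(SAMPLE_LOG.splitlines()):
        print(hit)
```

Legitimate pollers also run on fixed schedules, so a hit is a lead for review rather than a verdict; the five-minute poller in the sample is only flagged when `period=300` is requested.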

The XMRig tool is instructed to perform its actions discreetly so that the attackers evade detection. Hackers can even modify the maximum CPU usage of the mining malware, decreasing the percentage of processing power used to reduce the chances of detection.

The wallets being used by the miners have also been identified by the researchers. One of the attackers received 320 Monero (approx. $75,000), claims Trend Micro. It is worth noting that this is just a small proportion of what attackers are actually making through this campaign. Researchers opine that attackers must have mined $3 million in cryptocurrency.

To protect your computer from being used as a cryptomining tool, it is a good idea to keep the system patched. Those who run Cacti’s Network Weathermap plug-in must secure their data and keep it away from public servers. In the company’s official blog post, Trend Micro researchers noted:

“Data from Cacti should be properly kept internal to the environment. Having this data exposed represents a huge risk in terms of operational security. While this allows systems or network administrators to conveniently monitor their environments, it also does the same for threat actors.”


Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism


HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
