Cryptocurrency mining malware uses five-year-old vulnerability to mine Monero on Linux servers

Hackers are using a five-year-old security vulnerability to infect Linux servers with cryptocurrency-mining malware. The cryptojacking campaign exploits CVE-2013-2618, an old vulnerability in Cacti’s Network Weathermap plug-in, an open-source tool that network administrators use to visualise network activity. Attackers can use the vulnerability to inject HTML and JavaScript into the title of maps in the network editor, and to upload malicious PHP code to a webserver.

The vulnerability was disclosed in April 2013 and the patch has been available for almost five years, but attackers are still using it to help mine cryptocurrency in 2018. Uncovered by researchers at Trend Micro, the campaign is still active and is targeting publicly accessible x86-64 Linux web servers around the world, with the highest proportion of targets in Japan, Taiwan, China, and the US. The attackers use the exploit to request to view the code on the server, and the flaw then enables them to alter that code to install a coin miner on the system.

Read more about how hackers are targeting accessible x86-64 Linux web servers in a new cryptojacking campaign exploiting an old vulnerability on ZDNet.
