Windows and Linux devices are under attack by a new cryptomining worm

Accepted submission by Freeman at 2021-04-09 16:52:06 from the gold digger dept.

A newly discovered cryptomining worm is stepping up its targeting of Windows and Linux devices with a batch of new exploits and capabilities, a researcher said.

Research company Juniper started monitoring what it’s calling the Sysrv botnet in December. One of the botnet’s malware components was a worm that spread from one vulnerable device to another without requiring any user action. It did this by scanning the Internet for vulnerable devices and, when found, infecting them using a list of exploits that has increased over time.

The malware also included a cryptominer that uses infected devices to create the Monero digital currency. There was a separate binary file for each component.

“Based on the binaries we have seen and the time when we have seen them, we found that the threat actor is constantly updating its exploit arsenal,” Juniper researcher Paul Kimayong said in a Thursday blog post.

Thursday’s post listed more than a dozen exploits used by the malware. They are:

Exploit | Software
CVE-2021-3129 | Laravel
CVE-2020-14882 | Oracle WebLogic
CVE-2019-3396 | Widget Connector macro in Atlassian Confluence Server
CVE-2019-10758 | Mongo Express
CVE-2019-0193 | Apache Solr
CVE-2017-9841 | PHPUnit
CVE-2017-12149 | JBoss Application Server
CVE-2017-11610 | Supervisor (XML-RPC)
Apache Hadoop Unauthenticated Command Execution via YARN ResourceManager (No CVE) | Apache Hadoop
Brute force Jenkins | Jenkins
Jupyter Notebook Command Execution (No CVE) | Jupyter Notebook Server
CVE-2019-7238 | Sonatype Nexus Repository Manager
Tomcat Manager Unauth Upload Command Execution (No CVE) | Tomcat Manager
WordPress Bruteforce | WordPress