Nov 21, 2023 | Newsroom | Linux / Rootkit
The Kinsing threat actors are actively exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits.
“As soon as Kinsing infects a system, it deploys a cryptocurrency mining script that makes use of the host’s resources to mine cryptocurrencies like Bitcoin, leading to significant damage to the infrastructure and a negative effect on system efficiency,” Trend Micro security researcher Peter Girnus said.
Kinsing is a Linux malware family with a history of targeting misconfigured containerized environments for cryptocurrency mining, typically using compromised server resources to generate illicit profits for the threat actors.
The group is also known to quickly adapt its tactics to include newly disclosed flaws in web applications to breach target networks and deliver crypto miners. Earlier this month, Aqua disclosed the threat actor’s attempts to exploit a Linux privilege escalation flaw called Looney Tunables to infiltrate cloud environments.
The latest campaign involves the abuse of CVE-2023-46604 (CVSS score: 10.0), an actively exploited critical vulnerability in Apache ActiveMQ that enables remote code execution, permitting the adversary to download and install the Kinsing malware.
This is followed by retrieving additional payloads from an actor-controlled domain while simultaneously taking steps to terminate competing cryptocurrency miners already running on the infected system.
“Kinsing doubles down on its determination and compromise by loading its rootkit in /etc/ld.so.preload, which completes a complete system compromise,” Girnus said.
Because of the continued exploitation of the flaw, organizations running affected versions of Apache ActiveMQ are recommended to update to a patched version as soon as possible to mitigate potential threats.
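A defender-side check for the persistence location named above, as an added example that is not from Trend Micro or the original article: it parses /etc/ld.so.preload and reports every library it lists, along with loose permissions and temp-directory paths. The function names, the `root` parameter and the severity labels are assumptions of this example.

```python
import os
import re
import stat
import sys

PRELOAD = "etc/ld.so.preload"
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
LOOSE = stat.S_IWGRP | stat.S_IWOTH  # writable by group or others

def parse_preload(text):
    """Return the library entries listed in ld.so.preload content."""
    text = re.sub(r"#[^\n]*", " ", text)  # glibc skips '#' comments
    # Entries are separated by whitespace; glibc also accepts ':'.
    return [e for e in re.split(r"[\s:]+", text) if e]

def audit_preload(root="/"):
    """Return (severity, message) findings for ld.so.preload under root."""
    path = os.path.join(root, PRELOAD)
    try:
        with open(path, errors="replace") as fh:
            entries = parse_preload(fh.read())
    except FileNotFoundError:
        return []  # the file is commonly absent on stock installations
    findings = []
    if os.stat(path).st_mode & LOOSE:
        findings.append(("high", f"{path} is group/world-writable"))
    for lib in entries:
        findings.append(("review", f"preloaded into dynamically linked processes: {lib}"))
        if not lib.startswith("/"):
            findings.append(("medium", f"{lib} is not an absolute path"))
            continue
        target = os.path.join(root, lib.lstrip("/"))
        if lib.startswith(TEMP_DIRS):
            findings.append(("high", f"{lib} is in a temp directory"))
        if not os.path.exists(target):
            findings.append(("medium", f"{lib} is listed but not on disk"))
        elif os.stat(target).st_mode & LOOSE:
            findings.append(("high", f"{lib} is group/world-writable"))
    return findings

if __name__ == "__main__":
    # Optional argument: mount point of a disk image to inspect offline.
    for severity, message in audit_preload(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f"[{severity}] {message}")
```

On a host where a preload rootkit is already active, dynamically linked tools can be shown a falsified view of the file system, so pass the mount point of a disk image as the argument to inspect it offline.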