Cybersecurity firm Trend Micro has confirmed that attackers have been exploiting a vulnerability in the Oracle WebLogic server to install monero mining malware, while using certificate files as an obfuscation trick.
The news was revealed in a Trend Micro blog post published on June 10.
As previously reported, forms of stealth crypto mining are also referred to with the industry term cryptojacking - the practice of installing malware that uses a computer's processing power to mine for cryptocurrencies without the owner's consent or knowledge.
According to Trend Micro's post, a security patch for the Oracle WebLogic vulnerability - reportedly caused by a deserialization error - was released in the National Vulnerability Database earlier this spring.
Trend Micro cites reports that emerged on the SANS ISC InfoSec forum alleging that the vulnerability has already been exploited for cryptojacking purposes, and confirms that it has verified and analyzed the allegations.
"The idea of using certificate files to hide malware is not a new one. By using certificate files for obfuscation purposes, a piece of malware can possibly evade detection since the downloaded file is in a certificate file format which is seen as normal - especially when establishing HTTPS connections."
Trend Micro's analysis begins by noting that the malware exploits CVE-2019-2725 to execute a PowerShell command, prompting the download of a certificate file from the command-and-control server.
"[O]ddly enough, upon execution of the PS command from the decoded certificate file, other malicious files are downloaded without being hidden via the certificate file format mentioned earlier.
This might indicate that the obfuscation method is currently being tested for its effectiveness, with its expansion to other malware variants pegged at a later date."
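A defender can test whether a downloaded "certificate" actually decodes to certificate-shaped data. The following is an added example, not code from Trend Micro or from the original article: it checks each PEM block for a well-formed outer ASN.1 SEQUENCE and flags blocks that decode to printable text instead. The function names, verdict labels and the 90% threshold are assumptions, and both samples are constructed.

```python
import base64
import binascii
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def outer_der_ok(blob: bytes) -> bool:
    """True if blob is one ASN.1 SEQUENCE whose declared length covers all of blob."""
    # Every X.509 certificate has this shape; passing is necessary, not sufficient.
    if len(blob) < 2 or blob[0] != 0x30:
        return False
    if blob[1] < 0x80:                      # short-form length
        return 2 + blob[1] == len(blob)
    n = blob[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(blob) < 2 + n:
        return False
    return 2 + n + int.from_bytes(blob[2:2 + n], "big") == len(blob)

def mostly_text(blob: bytes) -> bool:
    """Heuristic: more than 90% printable ASCII once NULs (UTF-16LE text) are dropped."""
    sample = blob.replace(b"\x00", b"")
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in sample)
    return bool(sample) and printable / len(sample) > 0.9

def classify_pem(text: str) -> list:
    """Return one verdict per CERTIFICATE block found in text."""
    verdicts = []
    for body in PEM_RE.findall(text):
        try:
            raw = base64.b64decode("".join(body.split()), validate=True)
        except (binascii.Error, ValueError):
            verdicts.append("invalid-base64")
            continue
        if outer_der_ok(raw):
            verdicts.append("der-sequence")
        elif mostly_text(raw):
            verdicts.append("printable-text")   # script or other non-certificate content
        else:
            verdicts.append("opaque-binary")
    return verdicts

def armor(raw: bytes) -> str:
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(raw).decode()
            + "-----END CERTIFICATE-----\n")

# Constructed samples: a well-formed outer SEQUENCE (not a real certificate) and harmless text.
SAMPLE_DER = armor(bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256)))
SAMPLE_TEXT = armor(b"Write-Output 'constructed placeholder text'")
```

A "der-sequence" verdict only means the outer structure is plausible; a full X.509 parse is still needed to confirm the file is a real certificate.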
As recently reported, Trend Micro detected a major uptick in XMR cryptojacking targeting China-based systems this spring, in a campaign mimicking earlier activities that had used an obfuscated PowerShell script to deliver XMR-mining malware.
Trend Micro: Cybercriminals Use Obfuscation Trick to Install Crypto Mining Malware
Published on Jun 10, 2019
by Cointele | Published in Coinage