Five-Year-Old Linux Vulnerability Allows Hackers to Cryptojack
March 28, 2018
According to American firm Trend Micro, a five-year-old vulnerability in Linux servers is being used to infect them with malware that allows hackers to secretly mine the Monero (XMR) cryptocurrency.
The report published by the company states that hackers use a vulnerability that was found in the Network Weathermap plugin for Cacti. It allows them to install a customized version of the XMRig malware, which mines Monero.
The researchers also clarified that the hackers have protected the mining program from detection by checking the malware every three minutes, in case someone turns it off. To avoid detection, the attackers configured XMRig so that the malware uses a limited amount of CPU resources.
The vulnerability was originally discovered five years ago, in April 2013, in the Weathermap plugin. This open-source plugin is used by Internet providers, online exchanges, telecommunications networks, and many Fortune 500 companies to show network activity. The hackers' actions are targeted at publicly available x86-64 Linux servers around the world.
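The three-minute check described above leaves a trace defenders can look for: a process that keeps coming back within three minutes of being stopped. The following is an added detection example, not code from Trend Micro's report; the event format, the sample paths and the respawn threshold are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

WATCHDOG_PERIOD_S = 180  # "every three minutes", as the article reports
MIN_RESPAWNS = 2         # assumed threshold: one quick restart may be a normal service

# Constructed process start/exit events (timestamp, event, pid, command).
SAMPLE_EVENTS = """\
2018-03-28T10:00:05 start 4101 /tmp/.cache/worker
2018-03-28T10:14:40 exit 4101 /tmp/.cache/worker
2018-03-28T10:15:02 start 4188 /tmp/.cache/worker
2018-03-28T10:20:00 exit 900 /usr/sbin/nginx
2018-03-28T10:31:10 exit 4188 /tmp/.cache/worker
2018-03-28T10:33:01 start 4250 /tmp/.cache/worker
2018-03-28T10:40:00 start 4300 /usr/sbin/nginx
2018-03-28T10:50:00 exit 4250 /tmp/.cache/worker
2018-03-28T10:51:03 start 4377 /tmp/.cache/worker
2018-03-28T11:00:00 exit 1200 /usr/sbin/rsyslogd
2018-03-28T11:00:01 start 4400 /usr/sbin/rsyslogd
"""

def parse_events(text):
    """Yield (datetime, event, pid, command) from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4 or parts[1] not in ("start", "exit"):
            continue  # skip blank or malformed lines
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], int(parts[2]), parts[3]
        except ValueError:
            continue  # skip lines with a bad timestamp or pid

def find_respawners(events, period=WATCHDOG_PERIOD_S, min_respawns=MIN_RESPAWNS):
    """Map command -> exit-to-restart gaps (seconds) for commands that came back
    within `period` seconds of exiting at least `min_respawns` times."""
    last_exit = {}
    gaps = defaultdict(list)
    for ts, event, _pid, cmd in sorted(events, key=lambda e: e[0]):
        if event == "exit":
            last_exit[cmd] = ts
        elif cmd in last_exit:
            gap = (ts - last_exit.pop(cmd)).total_seconds()
            if gap <= period:
                gaps[cmd].append(gap)
    return {cmd: g for cmd, g in gaps.items() if len(g) >= min_respawns}

if __name__ == "__main__":
    for cmd, g in find_respawners(parse_events(SAMPLE_EVENTS)).items():
        print(f"{cmd}: restarted {len(g)} times, gaps {g} s")
```

Because the miner is configured to use limited CPU, a respawn pattern like this is a more dependable signal than a load alert.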