Another day, another Monero cryptomining campaign, and this time attackers exploited a security flaw in Oracle Fusion Middleware. The latest SANS Technology Institute report, published on 7 January, is something of a bombshell for the cryptocurrency industry.

It reveals the findings of Morphus Labs researcher Renato Marinho, according to which a new, globally active cybercrime campaign is underway to mine the Monero cryptocurrency on compromised machines. Marinho explains that Monero miners are being deployed on hundreds of computers by exploiting a flaw present in both supported and unsupported versions of Oracle Fusion Middleware.

Multiple attackers are involved, and the prime targets are PeopleSoft and WebLogic servers. The attackers leverage a web application server flaw (CVE-2017-10271) that Oracle says it patched in October 2017.

A proof-of-concept exploit for this vulnerability was published by Chinese security researcher Lian Zhang in December 2017, and the attackers have most likely leveraged it to launch this campaign. Soon after the proof-of-concept appeared, reports of cryptominer installations started pouring in from a diverse set of servers, some of which had already been compromised.

The affected servers were hosted by Athenix, GoDaddy, and DigitalOcean. The exploit is easy to carry out: the attackers use a Bash script that makes scanning for potential targets quick and effective.