A security vulnerability that is nearly 5 years old has now become the favorite tool of hackers as they are using it to infect Linux servers with crypto mining malware. The vulnerability that is being exploited in this cryptojacking campaign is classified as CVE-2013-2618.
The miner is an altered XMRig tool, which is a legitimate, open-source Monero miner. It is basically a flaw that was identified years ago (in April 2013), in Cacti’s Network Weathermap plug-in.
This open-source tool is used by network admins to visually evaluate network activity. The malicious new use of the vulnerability was identified by Trend Micro researchers and they claim that this campaign is still active.
The key targets of this campaign are publicly accessible x86-64 Linux webservers, while the scope of the attack is not limited to any single destination since webservers across the globe are being targeted. Japan, China, Taiwan and the US are identified as the top targets.
thumbnail courtesy of hackread.com