by Trend Micro Smart Home Network and IoT Reputation Service Teams – We were able to observe a series of network attacks exploiting CVE-2018-7602, a security flaw in the Drupal content management framework.
For now, these attacks aim to turn affected systems into Monero-mining bots. Of note are the ways the attack hides behind the Tor network to elude detection and how it checks the affected system first before infecting it with cryptocurrency-mining malware. While these attacks currently deliver resource-stealing and system performance-slowing malware, the vulnerability can be used as a doorway to other threats.
What is CVE-2018-7602?
CVE-2018-7602 is a remote code execution (RCE) vulnerability affecting Drupal versions 7 and 8, which was patched on April 25, 2018. The security flaw was discovered after Drupal’s security team looked into another vulnerability, CVE-2018-7600 (also known as Drupalgeddon 2, patched on March 28, 2018). Drupal’s security team also reported that CVE-2018-7602 is being actively exploited in the wild.
According to a researcher’s technical analysis, successfully exploiting the vulnerability entails elevating the permission to modify or delete the content of a Drupal-run site.
How does the exploit lead to the Monero miner…
Read more at: Drupal Vulnerability (CVE-2018-7602) Exploited to Deliver Monero-Mining Malware
Source: TrendLabs Malware Blog