By Trend Micro Smart Home Network and IoT Reputation Service Teams

We were able to observe a series of network attacks exploiting CVE-2018-7602, a security flaw in the Drupal content management framework.

For now, these attacks aim to turn affected systems into Monero-mining bots. Of note are the ways they hide behind the Tor network to elude detection and how they check the affected system first before infecting it with cryptocurrency-mining malware. While these attacks currently deliver malware that steals resources and slows system performance, the vulnerability can be used as a doorway to other threats.

What is CVE-2018-7602?

CVE-2018-7602 is a remote code execution (RCE) vulnerability affecting Drupal versions 7 and 8, which was patched on April 25, 2018. The security flaw was discovered after Drupal’s security team looked into another vulnerability, CVE-2018-7600 (also known as Drupalgeddon 2, patched on March 28, 2018). Drupal’s security team also reported that CVE-2018-7602 is being actively exploited in the wild.

According to a researcher’s technical analysis, successfully exploiting the vulnerability entails elevating the permission to modify or delete the content of a Drupal-run site.

How does the exploit lead to the Monero miner…

Read more at: Drupal Vulnerability (CVE-2018-7602) Exploited to Deliver Monero-Mining Malware
Source: TrendLabs Malware Blog
