by Trend Micro Smart Home Network and IoT Reputation Service Teams – We were able to observe a series of network attacks exploiting CVE-2018-7602, a security flaw in the Drupal content management framework.
For now, these attacks aim to turn affected systems into Monero-mining bots. Of note is how the malware hides behind the Tor network to elude detection and checks the affected system first before infecting it with cryptocurrency-mining malware. While these attacks currently deliver malware that steals resources and slows system performance, the vulnerability can be used as a doorway to other threats.
What is CVE-2018-7602?
CVE-2018-7602 is a remote code execution (RCE) vulnerability affecting Drupal’s versions 7 and 8, which was patched on April 25, 2018. The security flaw was discovered after Drupal’s security team looked into another vulnerability, CVE-2018-7600 (also known as Drupalgeddon 2, patched on March 28, 2018). Drupal’s security team also reported that CVE-2018-7602 is being actively exploited in the wild.
According to a researcher’s technical analysis, successfully exploiting the vulnerability entails elevating the permission to modify or delete the content of a Drupal-run site.
How does the exploit lead to the Monero miner…
Read more at: Drupal Vulnerability (CVE-2018-7602) Exploited to Deliver Monero-Mining Malware
Source: TrendLabs Malware Blog