by Trend Micro Smart Home Network and IoT Reputation Service Teams – We were able to observe a series of network attacks exploiting CVE-2018-7602, a security flaw in the Drupal content management framework.
For now, these attacks aim to turn affected systems into Monero-mining bots. Of note are the ways the attack hides behind the Tor network to elude detection, and how it checks the affected system first before infecting it with cryptocurrency-mining malware. While these attacks currently deliver malware that steals resources and slows system performance, the vulnerability can also serve as a doorway to other threats.
What is CVE-2018-7602?
CVE-2018-7602 is a remote code execution (RCE) vulnerability affecting Drupal versions 7 and 8, which was patched on April 25, 2018. The security flaw was discovered after Drupal’s security team looked into another vulnerability, CVE-2018-7600 (also known as Drupalgeddon 2, patched on March 28, 2018). Drupal’s security team also reported that CVE-2018-7602 is being actively exploited in the wild.
According to a researcher’s technical analysis, successfully exploiting the vulnerability involves elevating permissions in order to modify or delete the content of a Drupal-run site.
How does the exploit lead to the Monero miner…
Continue reading at: Drupal Vulnerability (CVE-2018-7602) Exploited to Deliver Monero-Mining Malware
Source: TrendLabs Malware Blog