New Monero-mining malware found on Oracle servers
Another week, another cryptocurrency malware discovered
If nothing else, cryptocurrency malware creators are consistent. It seems that not a week goes by without a new hacking software being discovered, and most of them target the Monero digital currency. This week isn’t any different, but the target has changed. Now, malware creators are going after Oracle servers.
The malware, which was found by researchers at Trend Micro, is able to install itself on enterprise application servers and remain hidden. It exploits a known vulnerability that was first disclosed this past April, using it to install itself on Oracle WebLogic Servers and then deploy its Monero mining software.
The malicious code is hidden in certificate-related files, which allows it to avoid detection by antivirus software and firewalls. It runs an automated command that downloads a malicious certificate file; a decoding tool then decodes that file and renames it, changing its extension so that it appears to be an update file. When the update file is executed, the certificate file is deleted and another automated script is downloaded and installed.
This second script is the one that installs the mining bot and lets the attackers start earning from their illicit miner. However, Oracle is already on the case and has issued an update designed to thwart the installations.
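The infection chain above rests on one trick: the payload is base64 text wrapped to look like a PEM certificate, and it only becomes a script once a decoding tool unwraps it. A defender can turn that into a cheap triage check, because a genuine certificate's base64 body decodes to a DER SEQUENCE whose encoded length matches the blob and whose first element is itself a SEQUENCE (the tbsCertificate), while a smuggled script decodes to printable text. The following Python is an added example written for this page; it is not code from the article, from Trend Micro, or from Oracle, and the sample "certificate" files it checks are constructed placeholders, not real certificates or real malware.

```python
"""Triage check: does a PEM "certificate" file really carry X.509 DER?

Added example, not from the article or the researchers it cites.  The
miner described there hides its payload in a certificate-looking file
that a decoding tool later turns back into a script.  A legitimate PEM
certificate decodes to a DER SEQUENCE spanning the whole blob; a script
in the same wrapper does not.  This is a quick filter for files dropped
into certificate directories, not a replacement for a real X.509 parser.
"""
import base64
import binascii
import re
import string
from typing import Optional

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
PRINTABLE = set(string.printable.encode())


def extract_pem_payload(text: str) -> Optional[bytes]:
    """Decode the base64 body of the first CERTIFICATE block, or None if absent/invalid."""
    m = PEM_BLOCK.search(text)
    if not m:
        return None
    body = "".join(m.group(1).split())  # drop line breaks and stray spaces
    try:
        return base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return None


def der_sequence_length(data: bytes) -> Optional[int]:
    """Total bytes (header + body) of a DER SEQUENCE at the start of data, else None."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    first = data[1]
    if first < 0x80:                       # short form: one length byte
        return 2 + first
    n = first & 0x7F                       # long form: n following length bytes
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def looks_like_der_certificate(data: bytes) -> bool:
    """Outer SEQUENCE covers the whole blob and opens with another SEQUENCE (tbsCertificate)."""
    total = der_sequence_length(data)
    if total is None or total != len(data):
        return False
    header = 2 if data[1] < 0x80 else 2 + (data[1] & 0x7F)
    return len(data) > header and data[header] == 0x30


def looks_like_script(data: bytes) -> bool:
    """A shebang, or a payload that is almost entirely printable text (DER never is)."""
    if data.startswith(b"#!"):
        return True
    sample = data[:512]
    return bool(sample) and sum(b in PRINTABLE for b in sample) / len(sample) > 0.95


def classify_certificate_file(text: str) -> str:
    """Label one file's contents for triage."""
    payload = extract_pem_payload(text)
    if payload is None:
        return "no-valid-pem-block"
    if looks_like_der_certificate(payload):
        return "der-certificate"
    if looks_like_script(payload):
        return "script-hidden-in-certificate"
    return "non-certificate-payload"


def wrap_pem(raw: bytes) -> str:
    """Wrap raw bytes in a PEM CERTIFICATE envelope with 64-column base64 lines."""
    b64 = base64.b64encode(raw).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


# Constructed samples: a minimal well-formed DER blob and a harmless shell
# script in the same envelope.  Neither is a real certificate or real malware.
BENIGN_DER = bytes.fromhex("3008 3006 020101 020102")   # SEQUENCE { SEQUENCE { INT 1, INT 2 } }
BENIGN_PEM = wrap_pem(BENIGN_DER)
SCRIPT_PEM = wrap_pem(b"#!/bin/sh\n# constructed placeholder, does nothing\necho placeholder\n")

if __name__ == "__main__":
    for name, text in (("benign.cer", BENIGN_PEM), ("suspicious.cer", SCRIPT_PEM)):
        print(f"{name}: {classify_certificate_file(text)}")
```

The DER length check is what carries the signal: base64 alone tells you nothing, because both a certificate and a disguised script are valid base64. Run it over every file with a certificate extension that appears outside the paths your provisioning actually writes to, and treat a `script-hidden-in-certificate` or `non-certificate-payload` result on a server as something to pull for a closer look.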
Obfuscation techniques are becoming a common way of getting crypto mining software onto target machines. Similar malware was identified last week that imitates a crypto trading website in order to install software on users’ computers. That malware may have found a number of victims, as an investigation of the associated cryptocurrency keys shows substantial holdings in various currencies. However, how much of those holdings came from the attacks cannot be determined.