Critical Apache Struts Vulnerability Exploited to Install Cryptocurrency Miner
A recently disclosed critical Apache Struts vulnerability has been actively exploited by cybercriminals to install a popular cryptocurrency miner on victim systems. Security researchers at Volexity report that they observed this malicious activity in the wild shortly after a proof-of-concept exploit was made public.
Exploitation and Impact
According to Volexity, the attacks that have been observed so far are directly based on the publicly available proof-of-concept code. The vulnerability in Apache Struts is a result of improper validation of namespace input data, making it easy for threat actors to exploit. The firm has identified at least one threat actor attempting to exploit CVE-2018-11776 on a large scale to install the CNRig cryptocurrency miner. The initial scanning activity originated from Russian and French IP addresses.
The vulnerability, rated CVSS 10.0, was disclosed last week, and system administrators were urged to patch their systems promptly to prevent exploitation. Failure to apply the necessary patch could result in remote code execution, potentially granting attackers unauthorized access to targeted systems.
Recommendations and Warnings
The Apache Software Foundation has advised users to upgrade to either Struts 2.3.35 or Struts 2.5.17 to mitigate the risk posed by this vulnerability. Organizations that delay patching their systems may face further threats, as cybercriminals are actively exploiting this flaw to gain access to networks.
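To check a host against the upgrade advice above, the following added example (not code from the article, Volexity or the Apache Software Foundation) walks a directory tree for Struts core jars and compares each version with the fixed release for its branch. It assumes the jars keep the `struts2-core-<version>.jar` file name; the status labels are hypothetical names chosen for this example.

```python
import re
import sys
from pathlib import Path

# Fixed releases named in the article, keyed by release branch.
FIXED = {(2, 3): (2, 3, 35), (2, 5): (2, 5, 17)}

# Assumed naming: struts2-core-2.3.34.jar, struts2-core-2.5.jar, ...
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+){1,3})\.jar$")


def parse_version(jar_name):
    """Return the version tuple from a struts2-core jar name, or None."""
    m = JAR_RE.search(jar_name)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad two-part versions such as 2.5 to (2, 5, 0) for comparison.
    return parts + (0,) * (3 - len(parts))


def classify(version):
    """Compare a version tuple with the fixed release for its branch."""
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "review"  # branch not covered by the article's advice
    return "patched" if version >= fixed else "needs-upgrade"


def scan(root):
    """Walk root and return (path, version, status) for each core jar."""
    findings = []
    for jar in sorted(Path(root).rglob("struts2-core-*.jar")):
        version = parse_version(jar.name)
        if version is not None:
            findings.append((str(jar), version, classify(version)))
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, version, status in scan(root):
        print(f"{status:14} {'.'.join(map(str, version))}  {path}")
```

Jars packed inside unexpanded WAR or EAR archives are not seen by this walk, so those archives need to be unpacked or listed separately.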
Recorded Future has detected discussions in Chinese and Russian underground forums regarding the exploitation of this vulnerability, indicating a widespread interest among cybercriminals. Additionally, Volexity has reported that multiple APT groups are leveraging Apache Struts vulnerabilities to compromise target networks.
Rising Threat of Cryptocurrency Miners
Trend Micro’s midyear report highlights a significant increase in detections of cryptocurrency miners, with a 956% rise from the first half of 2017 to the first six months of 2018. This alarming trend underscores the growing popularity of cryptocurrency mining as a means of illicitly generating revenue.