Hackers find new ways to print digital money for free | #VentureCanvas

admin | Cryptinfo

The sky-high valuations of cryptocurrencies isn’t lost on hackers, who are responding with increasingly sophisticated attacks that covertly harness the computers and electricity of unwitting people to generatedigitalcoinsworth large sums of money.

One example is a recently uncovered mass hack of servers that has mined about $6,000 worth of the cryptocurrency known as AEON in the past 23 days. Based on the rate the underlying cryptographic hashes are being generated, Morphus Labs Chief Research Officer Renato Marinho estimated that about 450 separate conscripted machines are participating. Marinho analyzed one of the servers and found that attackers gained control over it by exploiting CVE-2017-10271, a critical vulnerability in Oracle’s WebLogic package that was patched in October. The owner of the compromised server, however, had yet to install the fix.

Hackers find new ways to print digital money for free | #VentureCanvas
Hackers find new ways to print digital money for free | #VentureCanvas

“The exploit is pretty simple to execute and comes with a Bash script to make it easy to scan for potential victims,” Marinho wrote in a blog post published Sunday. “In this case, the campaign objective is to mine cryptocurrencies, but, of course, the vulnerability and exploit can be used for other purposes.”

The post said the currency being mined is known as Monero. On Monday, however, the researcher told Ars he finally gained access to the attackers’ mining pool, which showed the currency was, in fact, AEON.

The exploit used on the machine Marinho examined shut down WebLogic, presumably in an attempt to reduce the load put on the CPUs of the compromised machine. Killing WebLogic makes it easy for victims to know when they have been compromised, but the exploit the researcher reviewed could easily have been modified in later attacks to ensure WebLogic continues to operate normally. The number of coins generated over the past 23 days suggests many operators remain unaware their servers have been hacked.

Similar Posts