New Linux Malware Campaign Exploits Oracle WebLogic to Mine Cryptocurrency

September 13, 2024 at 02:30AM

Cybersecurity researchers have discovered a new malware campaign targeting Linux environments to illicitly mine cryptocurrency, focusing on the Oracle WebLogic server. The malware, named Hadooken, deploys a crypto miner and a DDoS botnet, exploiting vulnerabilities and misconfigurations to spread across connected environments. The campaign is linked to hosting companies in Germany and Russia.

Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments for illicit cryptocurrency mining. The malware, named Hadooken, is delivered through the Oracle WebLogic server and deploys a crypto miner upon execution. The attack exploits known security vulnerabilities and misconfigurations, and has a history of targeting Jenkins and WebLogic services in Kubernetes clusters. The malware establishes persistence on the host by creating cron jobs that run the crypto miner periodically at varying frequencies. Additionally, it has been linked to a bulletproof hosting provider in Germany with ties to cybercrime.
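
One way to check a host for the persistence pattern described above (the same job installed at several cron frequencies), as an added example that is not from the original article or the researchers' report. The heuristic, the function names and the sample tree are assumptions made for illustration; the cron.hourly/daily/weekly/monthly names are the standard run-parts directories, and the page does not state which cron paths Hadooken uses.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Standard run-parts directories; each one implies a different run frequency.
PERIOD_DIRS = ("cron.hourly", "cron.daily", "cron.weekly", "cron.monthly")


def find_multi_period_jobs(etc_root="/etc"):
    """Return {sha256: [paths]} for job files whose identical content
    is installed under more than one cron period directory."""
    by_hash = defaultdict(list)
    for period in PERIOD_DIRS:
        directory = os.path.join(etc_root, period)
        if not os.path.isdir(directory):
            continue
        for name in sorted(os.listdir(directory)):
            path = os.path.join(directory, name)
            # Skip hidden placeholder files, symlinks and non-regular entries.
            if name.startswith(".") or os.path.islink(path) or not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            by_hash[digest].append(path)
    # Keep only content that appears in at least two different directories.
    return {h: p for h, p in by_hash.items() if len({os.path.dirname(x) for x in p}) > 1}


def build_sample_tree():
    """Constructed sample: a throwaway /etc-like tree with one job copied
    into three period directories and one ordinary daily job."""
    root = tempfile.mkdtemp(prefix="cron-audit-")
    for period in PERIOD_DIRS:
        os.makedirs(os.path.join(root, period))
    dropped = b"#!/bin/sh\n/tmp/constructed-sample-binary >/dev/null 2>&1\n"
    for period, name in (("cron.hourly", "a1b2"), ("cron.daily", "c3d4"), ("cron.weekly", "e5f6")):
        with open(os.path.join(root, period, name), "wb") as fh:
            fh.write(dropped)
    with open(os.path.join(root, "cron.daily", "logrotate"), "wb") as fh:
        fh.write(b"#!/bin/sh\n/usr/sbin/logrotate /etc/logrotate.conf\n")
    return root


if __name__ == "__main__":
    for digest, paths in find_multi_period_jobs(build_sample_tree()).items():
        print(digest[:16], *paths, sep="\n  ")
```

On a real host, call `find_multi_period_jobs()` with the default `/etc` root while running as root; a hit is a lead for review, since legitimate packages can also install the same script at more than one frequency.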
