Criminals Raise the Stakes in Crypto Mining Malware Using Confluence Exploit Per Trend Micro Find
Cybercriminals are getting bolder and smarter all the time and it is hard to keep up with them, as they keep finding new exploits in several pieces of software. Now, it was recently discovered by the security intelligence company Trend Micro that the Confluence software, created by Atlassian, was used to spread crypto mining malware.
The vulnerability CVE-2019-3396 of the Confluence software is currently being used by criminals in order to install and run Monero miners on infected computers. With the help of the exploit, the criminals can do it without the victims knowing anything about it.
All activity is covered up by using a rootkit, which hides the network activity of the malware from the eyes of the victim, which enables the attack to be more effective this way as the CPU of the computer is used without being too apparent.
According to the reports made by the security division of Atlassian, only the older versions of Confluence are able to be exploited because the newer versions have been patched already. Because of this, you should avoid downloading any of the older version and you should upgrade yours if you have not done it so far.
You can alternatively visit the site of the company and download the official patched version using the Confluence Server and Data Center if you want.
Crypto Mining Malware Is On The Rise
Attacks involving crypto mining malware have grown a lot recently. Ever since 2017, the attacks have basically skyrocketed and, while the numbers are divergent depending on which research you use, the only certainty is that the attacks are way more frequent.
Coinhive, a software that was being used to mine Monero, was even shut down because it was often being used in crypto mining malware.
There are several examples of exploits out there, some even use some basic Windows tools and even Amazon has been a victim of some similar attack recently, so we advise you to always be cautious while dealing your computer.