Trend Micro Discovers Attackers Going After Oracle WebLogic Server

  • Trend Micro discovered cryptojacking malware within the Oracle WebLogic server.
  • The malware uses certificate files to conceal the mining activity and the installation of malware.

Trend Micro Discovers Malware on Oracle WebLogic Server

Malware infecting cryptocurrency platforms and servers is nothing new, which is why Trend Micro continues to search for vulnerabilities online. The cybersecurity firm investigated the Oracle WebLogic server and found a vulnerability that attackers have been exploiting to install Monero mining malware. As an obfuscation trick, the attackers are taking advantage of certificate files, which Trend Micro revealed in a blog post on June 10th.

This practice of hiding mining malware in a computer system is also known as cryptojacking: it uses the victim’s processing power without the knowledge of the device’s owner. The post from Trend Micro explains that a security patch for the vulnerability was released in the spring, as recorded in the National Vulnerability Database.

Allegedly, the original vulnerability was caused by a deserialization error. However, reports on the SANS ISC InfoSec forum explained that the vulnerability has already been exploited for cryptojacking purposes.

How Malware Programs Are Able to Avoid Detection

The firm explained that, rather than simply hiding the malware in the computer network, this campaign adds an “interesting twist”: the code is hidden within certificate files. The blog further explains,

“The idea of using certificate files to hide malware is not a new one […] By using certificate files for obfuscation purposes, a piece of malware can possibly evade detection since the downloaded file is in a certificate file format which is seen as normal — especially when establishing HTTPS connections.”

A PowerShell command is executed through exploitation of CVE-2019-2725. This command then causes a certificate file to be downloaded from the command-and-control server. Trend Micro went on in the blog to trace the steps and behavior of the malware, but the firm noted an anomaly in the way the malware is deployed.

The blog continues,

“[O]ddly enough, upon execution of the PS command from the decoded certificate file, other malicious files are downloaded without being hidden via the certificate file format mentioned earlier. This might indicate that the obfuscation method is currently being tested for its effectiveness, with its expansion to other malware variants pegged at a later date.”

Ultimately, Trend Micro recommended that firms still running the WebLogic software install the latest update, which includes a security patch. This patch reduces the risk of cryptojacking. Trend Micro had also recently found a major surge in XMR cryptojacking impacting systems in China, which likewise used an obfuscated PowerShell script to deploy the malware.
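
Added example, not from Trend Micro's post or this article: a defender-side check for the obfuscation described above, flagging files that carry certificate armor but whose decoded body is not a DER structure. It assumes the file uses PEM-style `BEGIN CERTIFICATE` armor; the function names, verdict strings and samples are constructed for illustration, and the check is structural only (it does not parse X.509).

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)

def looks_like_der_sequence(blob: bytes) -> bool:
    """Structural check only: one ASN.1 SEQUENCE whose length covers the blob."""
    if len(blob) < 2 or blob[0] != 0x30:
        return False
    if blob[1] < 0x80:                      # short-form length
        header, length = 2, blob[1]
    else:                                   # long-form length, n following bytes
        n = blob[1] & 0x7F
        if n == 0 or n > 4 or len(blob) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(blob[2:2 + n], "big")
    return header + length == len(blob)

def classify_certificate_file(data: bytes) -> str:
    """Return 'no-pem-block', 'plausible-der', 'not-base64', 'text-payload' or 'not-der'."""
    match = PEM_BLOCK.search(data)
    if match is None:
        return "no-pem-block"
    try:
        body = base64.b64decode(b"".join(match.group(1).split()), validate=True)
    except binascii.Error:
        return "not-base64"
    if looks_like_der_sequence(body):
        return "plausible-der"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in body)
    if body and printable / len(body) > 0.9:
        return "text-payload"               # decoded body reads as script or text
    return "not-der"

def wrap_as_pem(body: bytes) -> bytes:
    """Build a constructed sample file with certificate armor around body."""
    b64 = base64.encodebytes(body)
    return b"-----BEGIN CERTIFICATE-----\n" + b64 + b"-----END CERTIFICATE-----\n"

# Constructed samples: a minimal DER SEQUENCE and a harmless text body.
SAMPLE_DER = wrap_as_pem(b"\x30\x82\x01\x00" + bytes(256))
SAMPLE_TEXT = wrap_as_pem(b"Write-Output 'constructed sample, not a certificate'\r\n")

if __name__ == "__main__":
    for name, sample in (("der", SAMPLE_DER), ("text", SAMPLE_TEXT)):
        print(name, classify_certificate_file(sample))
```

A `text-payload` or `not-der` verdict on a file fetched by a server process is a triage signal for review, not proof of compromise.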

