Hackers Exploit Old HTTP File Server to Install Monero Miners
Threat actors actively exploit critical vulnerabilities in older versions of Rejetto’s HTTP File Server to install Monero mining malware and other malicious software.
Critical Vulnerabilities in HTTP File Server
BleepingComputer, drawing on a report from the security firm AhnLab, has described a campaign in which attackers target the file-sharing software HTTP File Server (HFS). The approach abuses security holes in outdated versions of the software to install a payload that covertly mines Monero. Users may not even notice that their resources are being consumed, the report said.
Exploitation Details
Attackers are exploiting a vulnerability in HFS version 2.3m that lets them execute commands on the host remotely, without authenticating. Because the result of a command comes back in the server's response, the same unauthenticated channel serves both to run commands and to read their output. Commands executed this way run with the privileges of the account that launched HFS, so the server becomes a foothold on the host and, from there, a path into the rest of the network: the attacker is in effect let in through the front door, and no security assumption about the machine holds any more.
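The first check a defender wants is an inventory: which hosts run an HFS build in the range that Rejetto named. The following is an added example written for this article, not code from BleepingComputer, AhnLab or Rejetto. It assumes that an HFS 2.x instance identifies itself in the HTTP `Server` header as `HFS <version>` (confirm that against your own instances); the sample response is constructed, and the classification of 2.x builds outside the 2.3m to 2.4 range as "legacy-2.x" is this example's own choice, since those are not what the vendor recommends running either.

```python
import re
from typing import Optional, Tuple

# Constructed HTTP response in the shape an HFS 2.x server is assumed to
# return (Server header carrying "HFS <version>"). Not a real capture.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: HFS 2.3m\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>HFS file list</body></html>"
)

# (major, minor, letter suffix); HFS 2.3 releases carry a letter, e.g. 2.3m.
Version = Tuple[int, int, str]

_VERSION_RX = re.compile(r"HFS\s+(\d+)\.(\d+)([a-z]?)", re.I)

# The range the vendor told users to stop using: 2.3m through 2.4.
AFFECTED_LOW: Version = (2, 3, "m")
AFFECTED_HIGH: Version = (2, 4, "")


def parse_version(text: str) -> Optional[Version]:
    """Extract an HFS version triple from any text that contains 'HFS x.y[z]'."""
    m = _VERSION_RX.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), m.group(3).lower())


def version_from_response(raw: str) -> Optional[Version]:
    """Find the Server header in a raw HTTP response and parse the HFS version."""
    head = raw.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return parse_version(value)
    return None


def classify(v: Optional[Version]) -> str:
    """Map a version onto an action class for an inventory report."""
    if v is None:
        return "unknown"            # no HFS banner seen; fingerprint another way
    if AFFECTED_LOW <= v <= AFFECTED_HIGH:
        return "vulnerable"         # inside the range the vendor named
    if v[0] == 2:
        return "legacy-2.x"         # assumption: older 2.x is not a safe target either
    return "not-in-range"           # e.g. the 3.x line


if __name__ == "__main__":
    v = version_from_response(SAMPLE_RESPONSE)
    print(v, classify(v))
```

`version_from_response` takes raw response text, so it can be fed whatever you capture from each candidate host with your usual HTTP client; the tuple comparison in `classify` works because the letter suffix sorts after an empty suffix, which matches how the 2.3 releases were numbered.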
Variety of Malicious Payloads
According to the report issued by AhnLab, attackers frequently go beyond a simple compromise of the system and deploy additional malware. The tools named include the XMRig miner and remote access trojans (RATs) such as XenoRAT and Gh0stRAT. It is still unknown how severe the damage to the affected machines is, or how much Monero the hidden mining has already produced, but the potential impact remains high.
Response from Rejetto
Rejetto confirmed the bug and issued an advisory recommending that all users stop running versions 2.3m through 2.4 and move to a secure release. Versions 2.3m through 2.4 contain known security vulnerabilities and are not safe to use, the company stated in the advisory, and the developers urged users to upgrade to a secure version.
Why Monero?
Cybercriminals usually prefer to install XMRig on infected devices because Monero's privacy features make its transactions very hard to trace. XMRig mines Monero's RandomX algorithm on ordinary CPUs, so it runs on a wide range of hardware, and because it is open source it is easy to modify and rebrand. It can run quietly in the background as an ordinary-looking process, and its connection to the mining pool can be wrapped in TLS so that the traffic looks like any other encrypted session, which makes it harder to detect.
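Both the exploitation pattern (a web server spawning a shell) and the payloads described above (XMRig under a renamed binary) leave traces in process-creation telemetry, and that is where a detection engineer would look first. The following is an added example written for this article, not code from AhnLab or from the XMRig project. The events are constructed in the shape of Sysmon event 1 or Windows 4688 records reduced to the fields the rules need; the wallet string is a dummy of the right length, not a real address; and the command-line traits used for the miner rule are the ones XMRig's own options expose (`-o stratum+...`, `-u <wallet>`, `--donate-level`), which survive renaming the executable.

```python
import re
from typing import Dict, List

# Constructed sample telemetry for this example, not a real capture.
DUMMY_WALLET = "4" + "A" * 94          # shape of a Monero address, not a real one

SAMPLE_EVENTS: List[Dict] = [
    {"pid": 700,  "ppid": 1,    "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"pid": 900,  "ppid": 700,  "image": r"C:\hfs\hfs.exe",
     "cmdline": "hfs.exe"},
    # the web server spawning a shell: what an unauthenticated RCE looks like on the host
    {"pid": 1200, "ppid": 900,  "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c whoami & arp -a"},
    # a renamed miner launched two hops below hfs.exe
    {"pid": 1340, "ppid": 1200, "image": r"C:\ProgramData\svc\svchost.exe",
     "cmdline": "svchost.exe -o stratum+ssl://pool.invalid:443 -u "
                + DUMMY_WALLET + " --donate-level 0 --tls"},
    # benign noise: a developer's git and an admin's interactive PowerShell
    {"pid": 1500, "ppid": 700,  "image": r"C:\Program Files\Git\cmd\git.exe",
     "cmdline": "git pull"},
    {"pid": 1600, "ppid": 700,  "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile"},
]

WEB_SERVER_IMAGES = {"hfs.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
          "mshta.exe", "certutil.exe", "bitsadmin.exe", "rundll32.exe", "regsvr32.exe"}

# Command-line traits of XMRig and its forks; the binary is often renamed,
# so the rule keys on arguments rather than on the image name.
_B58 = r"[1-9A-HJ-NP-Za-km-z]"
MINER_PATTERNS = [
    ("stratum_url", re.compile(r"stratum\+(?:tcp|ssl|tls)://", re.I)),
    ("xmrig_flags", re.compile(r"--donate-level|--coin[= ]monero|--randomx|--algo[= ]rx", re.I)),
    # Monero address: base58, 95 chars (106 if integrated), starting with 4 or 8
    ("monero_wallet", re.compile(rf"(?<!{_B58})[48]{_B58}{{94}}(?:{_B58}{{11}})?(?!{_B58})")),
]


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def ancestry(pid: int, by_pid: Dict[int, Dict]) -> List[str]:
    """Image basenames of a process's ancestors, nearest parent first."""
    chain, seen = [], set()
    ev = by_pid.get(pid)
    while ev is not None and ev["ppid"] not in seen:   # seen-set guards against pid reuse loops
        seen.add(ev["ppid"])
        parent = by_pid.get(ev["ppid"])
        if parent is None:
            break
        chain.append(basename(parent["image"]))
        ev = parent
    return chain


def detect(events: List[Dict]) -> List[Dict]:
    """Return one finding per rule hit: shells descended from HFS, and miner command lines."""
    by_pid = {ev["pid"]: ev for ev in events}
    findings = []
    for ev in events:
        image = basename(ev["image"])
        lineage = ancestry(ev["pid"], by_pid)
        via_hfs = any(a in WEB_SERVER_IMAGES for a in lineage)
        if image in SHELLS and via_hfs:
            findings.append({"pid": ev["pid"], "rule": "web_server_spawned_shell", "via_hfs": True,
                             "detail": " -> ".join(reversed(lineage)) + " -> " + image})
        hits = [name for name, rx in MINER_PATTERNS if rx.search(ev["cmdline"])]
        if hits:
            findings.append({"pid": ev["pid"], "rule": "miner_cmdline", "via_hfs": via_hfs,
                             "detail": ",".join(hits)})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f)
```

Walking the full ancestry rather than checking only the direct parent is what ties the renamed miner back to HFS even though cmd.exe sits between them; the interactive PowerShell under explorer.exe produces no finding because its lineage never passes through the web server, which keeps the shell rule from firing on every admin session.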
Conclusion
This exploitation of older HFS versions highlights the critical need for regular software updates and for vigilance in day-to-day security practice. Users are advised to upgrade to a current release to block these types of attacks.