There’s a new type of malware that has been seen out and about in the wild. Palo Alto Networks, a security firm in California, has recently identified a new malware that targets software vulnerabilities. We wanted to let you know about this so you can protect your servers from this new threat.
This new malware is an updated version of one previously utilized by Rocke group and was created to be a coin miner for Monero cryptocurrency on vulnerable servers. This new version of the malware exploits vulnerabilities in outdated versions of Apache Struts 2, Oracle WebLogic and Adobe ColdFusion software. The malware avoids detection by gaining full administrative access over a server and then using that access to simply uninstall some common security products. It’s capable of uninstalling five different cloud security protection and monitoring products offered by two separate companies, Tencent Cloud and Alibaba Cloud. Uninstalling security software is a new trick for malware, as far as we know, and an exploit to be aware of in the future.
Since new security threats change and evolve over time, it’s important to always keep your software up to date. We recommend that your servers be patched as soon as possible. If you’re not sure how to do this or you’d rather leave it to the professionals, please contact us and SysOps Support can take care of it!
You can read more from Palo Alto Network’s report here.