A recent post by Trend Micro has confirmed that a group of hackers had been exploiting a vulnerability in the WebLogic Server. They used it to install the Monero mining malware on computer systems, by deploying certificate files as an obfuscation trick. The security and intelligence blog informed about the malware via a blog post on Monday.
According to the report, such kind of crypto hacks is called crypto-jacking. This essentially means that cyber-criminals install a crypto mining malware on devices to discreetly using their processing power without the owner’s free consent or knowledge. Trend Micro has also claimed that the Oracle WebLogic vulnerability, which was caused by a de-serialization error, was inducted in the vulnerability database earlier this year.
However, the cybersecurity enterprise further states that the cyber-criminals have already started exploiting the vulnerability for crypto-jacking purposes, claiming that it has verified the allegations. Fortunately, Oracle has released an update already which addresses the vulnerability, and all the organizations using the WebLogic Server need to update the software.
Trend Micro also noted that these type of cyber attacks are not new. Last year, Sophos introduced a proof of concept, demonstrating by placing an Excel file with embedded macros inside a certificate file. However, it also said that the one found on the WebLogic Server was unique in its design. It said,
One interesting characteristic of the downloaded certificate file is that it requires that it be decoded twice before the PS command is revealed, which is unusual since the command from the exploit only uses CertUtil once.
Trend Micro further argued that it was possible that the certificate file they downloaded could have been different from the file actually intended for download by a remote command. The reason for this could be that the hackers were updating the files continuously.
Venture Summit Virtual Connect West is one of the megaevents providing a credible platform…