Security experts have detected that crypto mining botnets are exploiting unpatched vulnerabilities. Attackers are constantly upgrading their tools to scan unpatched vulnerabilities and infect new devices by exploiting those vulnerabilities.
Recently, the z0Miner crypto mining malware was spotted probing cloud servers by exploiting a new set of unpatched vulnerabilities. Researchers at Qihoo 360 Netlab have observed an active z0Miner campaign with attackers hunting against vulnerabilities addressed in 2015 and earlier in ElasticSearch and Jenkins servers. After compromising a server, the malware will first download a malicious shell script and set up a new cron entry to periodically grab and execute malicious scripts from Pastebin. Since its emergence last year, z0Miner has been observed gaining persistence via crontab and mining for Monero cryptocurrency.
z0Miner’s recent campaign demonstrates how vulnerabilities identified years ago can be exploited by cybercriminals and used for making a profit if they are not patched properly. Hence all organizations need to keep all their systems and applications updated with the latest patches to avoid such threats.