Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware

Products You May Like

A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines.

“The attacker intends to utilize a victim’s resources as much as possible, not only to install RAR1Ransom for extortion, but also to spread GuardMiner to collect cryptocurrency,” Fortinet FortiGuard Labs researcher Cara Lin said in a Thursday report.

CyberSecurity

The issue, tracked as CVE-2022-22954 (CVSS score: 9.8), concerns a remote code execution vulnerability that stems from a case of server-side template injection.

Although the shortcoming was addressed by the virtualization services provider in April 2022, it has since come under active exploitation in the wild.

Fortinet said it observed in August 2022 attacks that sought to weaponize the flaw to deploy the Mirai botnet on Linux devices as well as the RAR1Ransom and GuardMiner, a variant of the XMRig Monero miner.

The Mirai sample is retrieved from a remote server and is designed to launch denial-of-service (DoS) and brute-force attacks aimed at well-known IoT devices by making use of a list of default credentials.

CyberSecurity

The distribution of RAR1Ransom and GuardMiner, on the other hand, is achieved by means of a PowerShell or a shell script depending on the operating system. RAR1ransom is also notable for leveraging the legitimate WinRAR utility to initiate the encryption process.

The findings are yet another reminder that malware campaigns continue to actively exploit recently disclosed flaws to break into unpatched systems, making it essential that users prioritize applying necessary security updates to mitigate such threats.

Cyber Security

Products You May Like

Articles You May Like

Twitter’s France Head Serves Resignation Amid Mass Layoffs, Tweets Exit Message
HP laying off 4,000-6,000 employees globally over the next three years
Elon Musk Urged by US Senator to Better Protect US Users’ Data After Whistleblower Testimony
U.S. Bans Chinese Telecom Equipment and Surveillance Cameras Over National Security Risk
Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Companies Worldwide

Leave a Reply

Your email address will not be published. Required fields are marked *