Apache Hadoop, an open-source collection of software utilities, and Apache Flink, an open-source unified stream-processing and batch-processing framework, are being targeted in new malware attacks that use packers and rootkits to evade detection, SiliconAngle reports.
A misconfiguration in the ResourceManager component of Apache Hadoop YARN was exploited to facilitate arbitrary code execution and unauthenticated application creation and execution, a report from Aqua Security showed.
Similar techniques have been employed in intrusions against Apache Flink, which involved payload distribution upon obtaining initial access.
Aside from ensuring the stealthiness of their operations, threat actors have also utilized numerous MITRE ATT&CK framework strategies, indicating their sophistication.
The new attacks pose a significant threat that should prompt operators of big data systems to implement agent-based runtime solutions, according to researchers. Such systems have been touted to enable improved identification of obfuscated binaries, cryptocurrency miners, and other malicious activities within data containers.
Malicious updates have recently been issued to the Python Package Index package "django-log-tracker," which was last modified in April 2022, to facilitate the distribution of the Nova Sentinel information-stealing malware, The Hacker News reports.