
Misconfigured cloud servers subjected to new Linux malware attack

Misconfigured Confluence, Apache Hadoop, Redis, and Docker servers have been targeted by a new cryptojacking campaign distributing Linux malware, SecurityWeek reports.

Vulnerable internet-exposed cloud servers are being identified and exploited through four novel Golang payloads that ultimately lead to cryptominer deployment, according to a Cado Security report. Intrusions against Confluence servers exploited the critical remote code execution vulnerability tracked as CVE-2022-26134, while attacks against Docker instances created a container hosting an executable that later enabled command-and-control communication and payload retrieval. Cado Security researchers noted that the campaign illustrates the breadth of initial access methods available to Linux and cloud malware. "It's clear that attackers are investing significant time into understanding the types of web-facing services deployed in cloud environments, keeping abreast of reported vulnerabilities in those services and using this knowledge to gain a foothold in target environments," researchers added.
