Network Security, Endpoint/Device Security, Malware

New vulnerabilities leveraged for Kinsing cryptojacking botnet expansion

Crypto Trading theme with blurred city abstract lights background

Cryptojacking operation Kinsing, also known as H2Miner, had its botnet strengthened with the addition of new security vulnerabilities, reports The Hacker News.

Click for more special coverage

Attacks by Kinsing involved the utilization of vulnerability scanning and exploiting servers, payload and script staging servers, and command-and-control servers, with the latter using IP addresses directed to Russia, according to a report from Aqua. Different tools have also been leveraged by Kinsing to target various operating systems, said researchers, who added that most of the apps targeted by the operation were open-source apps.

Further analysis also revealed the different program categories leveraged by Kinsing, including Type I and Type II scripts for next-stage payload deployment, auxiliary scripts, and binaries.

"Kinsing targets Linux and Windows systems, often by exploiting vulnerabilities in web applications or misconfigurations such as Docker API and Kubernetes to run cryptominers. To prevent potential threats like Kinsing, proactive measures such as hardening workloads pre-deployment are crucial," said Aqua.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.