BleepingComputer reports that a new variant of the Sysrv botnet, tracked as Sysrv-K, is infecting Windows and Linux servers with cryptomining malware by abusing security flaws in WordPress and the Spring Framework.
Sysrv-K features new exploits and capabilities not seen in the original Sysrv botnet, including the ability to scan for vulnerable Spring and WordPress implementations, as well as the exploitation of numerous security bugs, according to the Microsoft Security Intelligence Team.
"These vulnerabilities, which have all been addressed by security updates, include old vulnerabilities in WordPress plugins, as well as newer vulnerabilities like CVE-2022-22947," said the Microsoft Security Intelligence team in a tweet.
WordPress configuration files and backups are being targeted by Sysrv-K for database credential theft, with the stolen data leveraged for eventual web server takeovers, researchers said.
Alibaba Cloud security researchers first identified the Sysrv botnet in February 2021, with the botnet found to have exploited web app and database vulnerabilities to infect servers with Monero miners and self-spreading malware.
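The credential-theft step described above (requests for WordPress configuration files and their backups) leaves a recognisable trace in web server access logs. The following script is an added illustration, not code from Microsoft, BleepingComputer or the Sysrv-K report: it parses constructed combined-format log lines, flags requests for `wp-config.php`, common backup suffixes of it, and archive files under the web root, and distinguishes a mere probe (non-200 response) from an actual exposure (the server returned the file). The suffix list and archive extensions are assumptions chosen for the example, not indicators published with the report.

```python
import re
from collections import Counter

# Constructed sample access log lines (combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [16/May/2022:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [16/May/2022:10:01:03 +0000] "GET /wp-config.php.bak HTTP/1.1" 200 3011 "-" "python-requests/2.27"
203.0.113.10 - - [16/May/2022:10:01:03 +0000] "GET /wp-config.php~ HTTP/1.1" 404 212 "-" "python-requests/2.27"
198.51.100.7 - - [16/May/2022:10:02:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [16/May/2022:10:02:11 +0000] "GET /backup/wp-config.php.old?x=1 HTTP/1.1" 403 199 "-" "curl/7.81"
192.0.2.5 - - [16/May/2022:10:03:00 +0000] "GET /wp-content/uploads/site-backup.zip HTTP/1.1" 200 9000000 "-" "Go-http-client/1.1"
"""

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumed indicators (example choices, not published IoCs):
# wp-config.php itself, plus editor/backup suffixes that web servers serve as plain text.
CONFIG_RE = re.compile(
    r'wp-config\.php(?:\.(?:bak|old|orig|save|swp|txt|dist)|~)?$', re.IGNORECASE
)
# Archive or dump files in the web root, where site backups often end up.
ARCHIVE_RE = re.compile(r'\.(?:zip|tar|tar\.gz|tgz|sql|sql\.gz)$', re.IGNORECASE)


def classify(path):
    """Return 'config', 'config_backup', 'archive' or None for a request path."""
    path = path.split('?', 1)[0]           # ignore the query string
    m = CONFIG_RE.search(path)
    if m:
        # plain wp-config.php vs. a backup/editor copy of it
        return 'config' if m.group(0).lower() == 'wp-config.php' else 'config_backup'
    if ARCHIVE_RE.search(path):
        return 'archive'
    return None


def scan(log_text):
    """Yield one finding per suspicious request; a 200 means the file was actually served."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                        # skip lines that are not in combined format
        kind = classify(m['path'])
        if kind is None:
            continue
        status = int(m['status'])
        findings.append({
            'ip': m['ip'],
            'ts': m['ts'],
            'path': m['path'].split('?', 1)[0],
            'kind': kind,
            'status': status,
            # 'exposed' is the case that needs immediate action: credentials may be out.
            'severity': 'exposed' if status == 200 else 'probe',
        })
    return findings


def summarize(findings):
    """Count suspicious requests per source IP, to spot scanners."""
    return Counter(f['ip'] for f in findings)


if __name__ == '__main__':
    results = scan(SAMPLE_LOG)
    for f in results:
        print(f"{f['severity']:8} {f['kind']:14} {f['ip']:14} {f['status']} {f['path']}")
    print('per-IP:', dict(summarize(results)))
```

An `exposed` finding means the server handed the file out, so the database credentials inside it should be treated as compromised and rotated; `probe` findings are a reason to block the source and to confirm no stray copies of `wp-config.php` exist under the document root.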
North Korea's Lazarus Group, also known as Diamond Sleet, has been leveraging a trojanized CyberLink app installer to facilitate the distribution of LambLoad malware in a new supply chain attack, according to SiliconAngle.
Threat actors have been targeting macOS devices with the Atomic Stealer information-stealing malware, also known as AMOS, through fraudulent web browser updates as part of the new "ClearFake" campaign, The Hacker News reports.
Threat actors have been distributing a new Agent Tesla malware variant in attacks that use a lure file in the ZPAQ compression format, which offers better compression ratios and journaling functionality than the RAR and ZIP formats, according to The Hacker News.