BleepingComputer reports that Windows and Linux servers are being infected with cryptomining malware by a new Sysrv botnet variant, tracked as Sysrv-K, which has been abusing security flaws in WordPress and the Spring Framework.
Sysrv-K features new exploits and capabilities not seen in the original Sysrv botnet, including the ability to scan for vulnerable Spring and WordPress implementations, as well as the exploitation of numerous security bugs, according to the Microsoft Security Intelligence Team.
"These vulnerabilities, which have all been addressed by security updates, include old vulnerabilities in WordPress plugins, as well as newer vulnerabilities like CVE-2022-22947," said the Microsoft Security Intelligence team in a tweet.
WordPress configuration files and backups are being targeted by Sysrv-K for database credential theft, with the stolen data leveraged for eventual web server takeovers, researchers said.
Alibaba Cloud security researchers first identified the Sysrv botnet in February 2021, with the botnet found to have exploited web app and database vulnerabilities to infect servers with Monero miners and self-spreading malware.
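The targeting of WordPress configuration files and backups reported above can be checked for on your own servers. The following is an added example, not code from Microsoft, BleepingComputer or the botnet; the suffix lists and the `audit_webroot` and `demo` names are assumptions chosen for illustration, and the sample web root is constructed.

```python
import os
import stat
import tempfile

# Assumed naming patterns for stray copies; not taken from the Microsoft report.
BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".save", ".swp", ".txt", "~")
DUMP_SUFFIXES = (".sql", ".sql.gz", ".zip", ".tar.gz", ".tgz")


def audit_webroot(webroot):
    """Return sorted (relative_path, reason) findings under webroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, webroot)
            lower = name.lower()
            if lower == "wp-config.php":
                # Live config: a world-readable mode (POSIX) exposes the DB password locally.
                if os.name == "posix" and os.stat(path).st_mode & stat.S_IROTH:
                    findings.append((rel, "world-readable config"))
            elif "wp-config" in lower and lower.endswith(BACKUP_SUFFIXES):
                # Not handled by PHP, so the web server returns it as plain text.
                findings.append((rel, "config backup copy in web root"))
            elif lower.endswith(DUMP_SUFFIXES):
                findings.append((rel, "database dump or archive in web root"))
    return sorted(findings)


def demo():
    """Build a constructed web root and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "blog", "wp-content"))
        samples = {
            "blog/wp-config.php": 0o644,        # world-readable
            "blog/wp-config.php.bak": 0o600,    # leftover backup copy
            "blog/wp-content/site.sql.gz": 0o600,
            "blog/index.php": 0o644,            # benign, must not be flagged
        }
        for rel, mode in samples.items():
            full = os.path.join(root, *rel.split("/"))
            with open(full, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(full, mode)
        return audit_webroot(root)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Run `audit_webroot` against the real document root; anything it reports should be moved outside the web root or have its permissions tightened, and the database password rotated if a copy was reachable over HTTP.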