Apache ActiveMQ attackers patch critical vuln after entry
Briefly

Criminals are exploiting a critical vulnerability in Apache ActiveMQ middleware, specifically CVE-2023-46604. After gaining entry, they installed a backdoor and downloaded files that patched the original vulnerability. Security researchers observed DripDropper, a unique Linux malware, used against multiple systems. The attackers modified the sshd configuration for root access. DripDropper communicates with a Dropbox account and encrypts that communication. The malware is password-protected, which complicates detection efforts by security analysts. DripDropper's activities range from monitoring processes to receiving further instructions from the attackers.
After installing a backdoor on the infected systems, the attackers downloaded two Java Archive (JAR) files that effectively patched the original vuln.
DripDropper, an encrypted PyInstaller-built ELF that communicates with an attacker-controlled Dropbox account, maintains control over compromised Linux servers.
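The summary notes that the attackers modified the sshd configuration to give themselves root access. The script below is an added example, not code from the article or from the researchers who analysed DripDropper: it audits an sshd_config text for drift from a hardened baseline. It assumes (the page does not name the directive) that the root-access change means enabling PermitRootLogin, and it honours sshd's first-occurrence-wins rule, so a line inserted above the legitimate setting is reported while the now-ignored original is not. Both sample configs are constructed.

```python
"""Audit an sshd_config text for directives that widen root or password access.

Added example for this page, not from the original article or the DripDropper
analysis. Assumption: the "sshd configuration for root access" change is a
PermitRootLogin directive; the page does not say which directive was edited.
"""
import re

# Hardened baseline: directive -> set of acceptable values (lower-cased).
BASELINE = {
    "permitrootlogin": {"no", "prohibit-password", "without-password"},
    "passwordauthentication": {"no"},
    "permitemptypasswords": {"no"},
}

# "Directive value", "Directive=value" and tab-separated forms are all valid sshd syntax.
_DIRECTIVE = re.compile(r"^([A-Za-z][A-Za-z0-9]*)[\s=]+(\S.*)$")


def parse_sshd_config(text):
    """Return (lineno, directive, value, in_match_block) tuples in file order.

    Comments and blank lines are skipped. Everything after a Match line is
    conditional, so it is tagged rather than merged into the global scope.
    """
    entries = []
    in_match = False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        directive, value = m.group(1).lower(), m.group(2).strip().lower()
        if directive == "match":
            in_match = True
            continue
        entries.append((lineno, directive, value, in_match))
    return entries


def audit_sshd_config(text):
    """Return findings as (lineno, directive, value, scope) for drift from BASELINE.

    Global scope follows sshd semantics: the first occurrence of a directive is
    the effective one and later duplicates are ignored. Every Match-block
    occurrence is reported individually because it applies to whatever the
    Match criteria select. A directive that is absent falls back to the
    compiled-in default and is not flagged here.
    """
    findings = []
    seen_global = set()
    for lineno, directive, value, in_match in parse_sshd_config(text):
        if directive not in BASELINE:
            continue
        if in_match:
            if value not in BASELINE[directive]:
                findings.append((lineno, directive, value, "match-block"))
            continue
        if directive in seen_global:
            continue  # sshd ignores this repeat; the earlier line won
        seen_global.add(directive)
        if value not in BASELINE[directive]:
            findings.append((lineno, directive, value, "global"))
    return findings


# Constructed sample: a hardened baseline with no findings.
HARDENED = """\
# constructed sample: hardened baseline
Port 22
PermitRootLogin no
PasswordAuthentication no
"""

# Constructed sample: root login re-enabled near the top so it takes effect,
# a password login re-enabled, and a conditional root login in a Match block.
TAMPERED = """\
# constructed sample: tampered configuration
PermitRootLogin yes
Port 22
PermitRootLogin no          # original line, now ignored by sshd
PasswordAuthentication yes
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("tampered", TAMPERED)):
        for lineno, directive, value, scope in audit_sshd_config(cfg):
            print(f"{name}: line {lineno}: {directive} {value} ({scope})")
```

Run against a live file with `audit_sshd_config(open("/etc/ssh/sshd_config").read())`; pair the output with file-integrity monitoring on the same path, since a finding only tells you the current state, not when it changed.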
Read at The Register