A severe security vulnerability in PHP, identified as CVE-2024-4577, is being exploited by threat actors to deploy cryptocurrency miners and remote access trojans such as Quasar RAT. Recent data from Bitdefender indicates a sharp rise in attempts to exploit this flaw, predominantly in regions like Taiwan and Hong Kong. About 15% of attempts involve basic system reconnaissance commands, while other campaigns lead to deployments of XMRig and Nicehash miners, often disguised as legitimate software. Interestingly, some attacks attempt to modify firewall settings to block known malicious IPs, suggesting inter-group competition among cybercriminals.
"Another smaller campaign involved the deployment of Nicehash miners, a platform that allows users to sell computing power for cryptocurrency, to evade detection."
"Bitdefender has seen a surge in attempts to exploit CVE-2024-4577, with a significant concentration reported in Taiwan at 54.65%."