Hackers are actively exploiting critical vulnerabilities in older versions of Rejetto’s HTTP File Server to install Monero mining malware and other malicious software.
Hackers have found a way to exploit older versions of the HTTP File Server (HFS), software designed for publishing and sharing files, to deploy malicious Monero mining software, BleepingComputer reports, citing data from cybersecurity firm AhnLab.
The exploit appears to center on a critical vulnerability in HFS versions up to and including 2.3m. It allows threat actors to execute arbitrary commands remotely without authentication, enabling attackers to take control with ease.
AhnLab has reportedly documented multiple instances in which attackers deployed a variety of malicious payloads beyond simple system compromise, including tools like XMRig, software designed to mine Monero (XMR), and remote access trojans (RATs) such as XenoRAT and Gh0stRAT. The scale of these attacks and the amount of Monero mined remain unclear, though.
In response to the exploit, Rejetto reportedly issued warnings, confirming the bug and advising against the use of versions 2.3m through 2.4, describing them as “dangerous and should not be used anymore.”
Cybercriminals usually favor installing XMRig on infected devices because of Monero’s strong privacy features, which make transactions difficult to trace. XMRig’s efficiency and versatility also allow it to run on various hardware, and its open-source nature makes it easy to modify. Additionally, it can run stealthily in the background among a computer’s processes, minimizing the chance of detection.