Title: Hackers exploit critical VMware flaw to drop ransomware & miners
Post by: PawGo on October 24, 2022, 09:16:21 AM

Anyone using VMware Workspace ONE Access? Check whether you are running a patched version (CVE-2022-22954). Otherwise, you may be mining Monero for someone.

Researchers at cybersecurity company Fortinet noticed in the newest campaigns that the threat actors deployed the Mirai botnet for distributed denial-of-service (DDoS) attacks, the GuardMiner cryptocurrency miner, and the RAR1Ransom tool.

One interesting case is a pair of Bash and PowerShell scripts targeting Linux and Windows systems. The scripts fetch a list of files to launch on the compromised machine. The PowerShell script ("init.ps1") downloads the following files from a Cloudflare IPFS gateway:

phpupdate.exe: Xmrig Monero mining software
config.json: Configuration file for mining pools
networkmanager.exe: Executable used to scan and spread infection
phpguard.exe: Executable used as a guardian to keep the Xmrig miner running
clean.bat: Script file to remove other cryptominers on the compromised host

More details: https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-vmware-flaw-to-drop-ransomware-miners/

Title: Re: Hackers exploit critical VMware flaw to drop ransomware & miners
Post by: NeuroticFish on October 24, 2022, 10:17:41 AM

I did some quick research and it looks like it's enterprise/company software. I doubt anyone uses this software unless it's used by the company where they work. I've used some VMware enterprise solution for working from home in the past, but that was years ago and I don't remember whether it was Workspace ONE or not. So it's reasonable to think that there may be bitcoiners affected by the exploit.

On the other hand, it was advised many times that one should keep at hand an app that shows how much CPU is being used and check it now and then, to avoid surprises.

Thanks for the info, OP.
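The first post lists the file names the init.ps1 dropper fetches, and the second post recommends watching CPU usage. The following Python script is an added example (not from the thread, Fortinet, or BleepingComputer) that turns both into a simple host check: it walks a directory for those file names, only reports a config.json when it has the pools/url/user layout that XMRig-style miner configs use (an assumption made here, since many legitimate programs also ship a config.json), and flags a CPU-percentage history only when readings stay high for several consecutive samples, which is how a miner behaves and a one-off spike does not. The sample tree it builds for the demo is constructed, with placeholder contents.

```python
"""Host check for the dropped-file names described in the thread (added example)."""
import json
import os
import sys
import tempfile
from pathlib import Path

# File names the PowerShell dropper is reported to fetch, with the role the post gives each.
DROPPED_NAMES = {
    "phpupdate.exe": "XMRig Monero miner",
    "config.json": "miner pool configuration",
    "networkmanager.exe": "scanner/spreader",
    "phpguard.exe": "miner watchdog",
    "clean.bat": "removes competing miners",
}


def looks_like_miner_config(path):
    """Return True if a JSON file has a non-empty "pools" list whose entries carry
    "url" and "user" keys. Assumption: that is the XMRig pool-config layout; it is
    used here only to separate a miner config.json from an unrelated one."""
    try:
        data = json.loads(path.read_text(encoding="utf-8", errors="replace"))
    except (OSError, ValueError):
        return False
    if not isinstance(data, dict):
        return False
    pools = data.get("pools")
    if not isinstance(pools, list) or not pools:
        return False
    return any(isinstance(p, dict) and {"url", "user"} <= set(p) for p in pools)


def scan_for_artifacts(root):
    """Walk `root` and return findings (sorted by path) for files whose name is on the
    dropper's list. config.json is only reported when its contents look like a miner
    config, to keep noise down; the other names are rare enough to report outright."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            key = name.lower()
            if key not in DROPPED_NAMES:
                continue
            path = Path(dirpath) / name
            if key == "config.json" and not looks_like_miner_config(path):
                continue
            findings.append({"path": str(path), "role": DROPPED_NAMES[key],
                             "size": path.stat().st_size})
    return sorted(findings, key=lambda f: f["path"])


def cpu_sustained_high(samples, threshold=90.0, min_consecutive=3):
    """Return True if `samples` (CPU-percent readings taken over time) contain
    `min_consecutive` readings in a row at or above `threshold`. A miner pins the
    CPU continuously, so a single spike (e.g. a compile job) does not trigger."""
    run = 0
    for value in samples:
        run = run + 1 if value >= threshold else 0
        if run >= min_consecutive:
            return True
    return False


def build_demo_tree():
    """Create a constructed directory tree for the demo: one miner-style config.json,
    one harmless config.json, one file with a dropper name, one unrelated file.
    Contents are placeholders, not real malware."""
    root = Path(tempfile.mkdtemp(prefix="vmware-thread-demo-"))
    (root / "phpupdate.exe").write_bytes(b"MZ placeholder, not a real binary")
    (root / "config.json").write_text(json.dumps(
        {"pools": [{"url": "pool.invalid:3333", "user": "WALLET_PLACEHOLDER"}]}))
    (root / "app").mkdir()
    (root / "app" / "config.json").write_text(json.dumps({"theme": "dark"}))
    (root / "readme.txt").write_text("nothing to see")
    return root


if __name__ == "__main__":
    # Scan the directory given on the command line, or the constructed demo tree.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else build_demo_tree()
    for finding in scan_for_artifacts(target):
        print(f"{finding['path']}: {finding['role']} ({finding['size']} bytes)")
    # Constructed CPU history: one spike, then three readings pinned near 100%.
    print("sustained high CPU:", cpu_sustained_high([12, 95, 20, 97, 98, 99]))
```

Run it with a directory argument (for example a user's temp or downloads folder) to scan a real location; without an argument it scans the constructed demo tree, which yields two findings (the miner-style config.json and phpupdate.exe) and ignores the harmless app/config.json. The CPU helper takes whatever percent readings your monitoring tool produces; feed it a rolling window rather than a single value.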