Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage

Trend Micro

By: Nikki Madayag, Josefino Fajilago IV
September 21, 2021

Recently, we discovered that the cryptomining trojan z0Miner has been taking advantage of the Atlassian Confluence remote code execution (RCE) vulnerability assigned as CVE-2021-26084, which was disclosed by Atlassian in August. Given the increasing popularity of the cryptocurrency market, we expect malware authors behind trojans like z0Miner to constantly update the techniques and entry vectors they use to gain a foothold within a system.

This trojan was initially observed exploiting Oracle’s WebLogic Server RCE, CVE-2020-14882, late last year. Since then, z0Miner has been gaining attention by utilizing different unauthorized RCE vulnerabilities, such as the ElasticSearch RCE bug, aka CVE-2015-1427.

Infection chain

Based on our investigation, we found that the infection chain that leverages the new CVE-2021-26084 flaw (Figure 1) is identical to

Read More: https://www.trendmicro.com/en_us/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html