Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify

Trend Micro -

We looked into exploitation attempts we observed in the wild and the abuse of legitimate platforms Netlify and GitHub as repositories for malware.

By: Nitesh Surana, December 03, 2021

Earlier this year, CVE-2021-41773, a path traversal and remote code execution (RCE) flaw in Apache HTTP Server 2.4.49, was disclosed to the Apache HTTP Server Project. When exploited, the vulnerability lets attackers map URLs to files outside the directories configured by Alias-like directives. Under certain configurations, where Common Gateway Interface (CGI) scripts are enabled for aliased paths, it can also be used for RCE. Because the initial fix was deemed insufficient, a bypass of that fix was later reported and tracked as CVE-2021-42013.
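The two CVEs above both come down to request paths whose percent-encoded dot segments resolve outside the configured document root once decoded (the second CVE involving a further layer of encoding). The following detection sketch is an added example and is not code from the Trend Micro post; it assumes Apache's combined access-log format, decodes each request path repeatedly until it stops changing, and flags requests that either escape the document root or spell `.`/`..` segments with percent-encoding, which ordinary browsers do not do. The log lines are constructed for the example.

```python
import re
from urllib.parse import unquote

# Apache combined log format (assumption: default LogFormat "%h %l %u %t \"%r\" %>s %b ...").
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)

# Constructed sample lines: one benign request, one single-encoded traversal,
# one double-encoded traversal, one legitimately encoded filename, and one
# literal ".." that still stays inside the document root.
SAMPLE_LOG = [
    '203.0.113.5 - - [03/Dec/2021:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.7 - - [03/Dec/2021:10:00:01 +0000] "GET /icons/.%2e/%2e%2e/private.txt HTTP/1.1" 200 512',
    '203.0.113.9 - - [03/Dec/2021:10:00:02 +0000] "GET /icons/%%32%65%%32%65/%%32%65%%32%65/private.txt HTTP/1.1" 200 512',
    '203.0.113.5 - - [03/Dec/2021:10:00:03 +0000] "GET /docs/my%20file.html HTTP/1.1" 200 2048',
    '203.0.113.5 - - [03/Dec/2021:10:00:04 +0000] "GET /a/b/../c.html HTTP/1.1" 200 100',
]


def fully_decode(path, max_rounds=3):
    """Percent-decode until the string stops changing.

    One round turns %2e into '.', a second round turns %%32%65 into '.',
    so layered encodings collapse to the path the server would ultimately see.
    max_rounds bounds the work on pathological input.
    """
    current = path
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def escapes_root(path):
    """Return True if the decoded path's '..' segments climb above the root."""
    decoded = fully_decode(path.split('?', 1)[0])
    depth = 0
    for seg in decoded.split('/'):
        if seg in ('', '.'):
            continue
        if seg == '..':
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def classify_path(raw_path):
    """Return a list of reasons the request path looks like traversal (empty if clean)."""
    reasons = []
    raw = raw_path.split('?', 1)[0]
    decoded = fully_decode(raw)
    if escapes_root(raw):
        reasons.append('escapes_docroot')
    # Dot segments that only appear after decoding were percent-encoded on the wire.
    if decoded != raw and any(seg in ('.', '..') for seg in decoded.split('/')):
        reasons.append('encoded_dot_segment')
    return reasons


def scan_log(lines):
    """Yield (client_ip, raw_path, reasons) for every suspicious request in the log."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        reasons = classify_path(m.group('path'))
        if reasons:
            hits.append((m.group('ip'), m.group('path'), reasons))
    return hits


if __name__ == '__main__':
    for ip, path, reasons in scan_log(SAMPLE_LOG):
        print(f'{ip} {path} -> {", ".join(reasons)}')
```

Only the two encoded traversal lines are reported; the literal `/a/b/../c.html` is left alone because it never leaves the document root, and `my%20file.html` is left alone because decoding it produces no dot segment. Pair a hit with the response status: a `200` on such a request means the server actually served the file, which is what distinguishes a probe from a successful traversal.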

The Apache HTTP Server Project has rolled out official fixes. However, when we looked at the malicious samples abusing this vulnerability, we found that exploits for other gaps in products and packages were also being abused for malicious mining of Monero. In this blog, we

Read More: https://www.trendmicro.com/en_us/research/21/l/vulnerabilities-exploited-for-monero-mining-malware-delivered-via-gitHub-netlify.html