Hackers infect Oracle servers with malware to mine Monero

The malware hides inside certificate files and goes undetected by firewalls and antivirus checks, taking advantage of the processing power of computers and even generating funds in the digital currency Monero.

Cybersecurity experts have identified a new cryptocurrency-mining malware. It is installed on business application servers and uses very sophisticated mechanisms to remain hidden.

The attack has already affected a major victim: Oracle, the provider of cloud services and applications. The malware compromised the company’s WebLogic servers and installed a bot dedicated to mining the Monero digital currency.

The tool uses an exploit to execute an automated command, which downloads the malicious file that takes advantage of the security flaw and begins mining the cryptocurrency. The malicious code remains hidden among the certificate files.

A decoding application is used to read the certificate and to rename it, with a new extension, as an update file. Once that file is executed, the certificate file is deleted and another automated script is downloaded, which is the one that runs the program to mine Monero.
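A defensive check for the technique described above, as an added example that is not part of the original article: it flags files carrying certificate armor whose decoded body is not structured like a DER-encoded X.509 certificate. The function names and sample inputs are constructed for illustration, and the check is structural only (it assumes PEM-style armor and does not validate the certificate itself).

```python
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_length(buf, pos):
    """Return (length, offset_of_value) for the DER length field at pos."""
    first = buf[pos]
    if first < 0x80:                      # short form: length in one byte
        return first, pos + 1
    n = first & 0x7F                      # long form: next n bytes hold length
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def check_certificate_file(data):
    """Classify a file that claims to be a PEM certificate."""
    m = PEM_RE.search(data)
    if not m:
        return "no-pem-block"
    try:
        der = base64.b64decode(b"".join(m.group(1).split()), validate=True)
    except ValueError:                    # binascii.Error is a ValueError
        return "suspicious: body is not valid base64"
    try:
        # A certificate is an outer SEQUENCE spanning the whole payload,
        # whose first element (tbsCertificate) is itself a SEQUENCE.
        if len(der) < 4 or der[0] != 0x30:
            raise ValueError("no outer SEQUENCE")
        length, start = der_length(der, 1)
        if start + length != len(der) or der[start] != 0x30:
            raise ValueError("length mismatch or no inner SEQUENCE")
    except (ValueError, IndexError):
        return "suspicious: payload is not DER-encoded X.509"
    return "ok"

def pem_wrap(payload):
    """Hypothetical helper: put certificate armor around arbitrary bytes."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(payload)
            + b"-----END CERTIFICATE-----\n")

# Constructed samples: a DER-shaped stub (not a real certificate) and a
# harmless text placeholder standing in for non-certificate content.
DER_STUB = bytes([0x30, 0x05, 0x30, 0x03, 0x02, 0x01, 0x01])
TEXT_PLACEHOLDER = b"echo constructed placeholder, not a real payload\n"

if __name__ == "__main__":
    print(check_certificate_file(pem_wrap(DER_STUB)))
    print(check_certificate_file(pem_wrap(TEXT_PLACEHOLDER)))
```

A production pipeline would follow a structural pass like this with a full X.509 parse and alert on any mismatch.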

The trend among hackers appears to be hiding mining malware on servers and computers with large processing power.

L.Sáenz

Source: Diario Bitcoin 
