Hacking, Hacking Tools, Vulnerability

Hackers Abusing Apache CouchDB Vulnerabilities to Deploy Malware & Mining Monero Cryptocurrency

Cryptocurrency Mining Malware This article is cornerstone content

Security researchers from TrendMicro observed a crypto mining attack by exploiting the vulnerabilities in the popular database system to deliver Cryptocurrency Mining Malware.

According to their global Sensor reports the new attacks targetting the vulnerabilities in the popular open source database Apache CouchDB system.

Past few year Crypto currency mining is a very easy method for cybercriminals to Generating the huge revenue by hijacking the Web- browser and injecting the malicious script and taking control of the CPU Usage from the Victims.

Mining cryptocurrencies in a legitimate way are quite resource consuming process, so attackers demanding ransom payments and infecting other computers to mine the cryptocurrencies.

Vulnerabilities Exploited – Cryptocurrency Mining Malware

Attackers targetted the patched vulnerabilities CVE-2017-12635 (Apache CouchDB JSON Remote Privilege Escalation Vulnerability) and CVE-2017-12636 (Apache CouchDB _config Command Execution).

Researchers said “exploitation of these vulnerabilities can provide attackers with duplicate keys that allow them access control — including administrator rights — within the system. The attackers can then use these functions to execute arbitrary code.”

CouchDB is one of the popular database management systems and is ranked 27th out of 309 according to DB-engines. By default, it looks like TCP port 5984 and the peak periods of monero mining activity in the first part of February.

Cryptocurrency Mining Malware

By exploiting the vulnerability CVE-2017-12635 attackers can create a CouchDB account with admin privileges and later used the admin account to run the remote code by exploiting the vulnerability CVE-2017-12636.

Also Read Biggest Crypto-Mining Campaign Ever – Hackers Mine $3 Million Worth of Monero Crypto-currency

Cryptocurrencies attack’s are in uprise starting from 2018, mining cryptocurrency requires a computational power. Due to these difficulties, attackers use exploits flaws in organizations that contains huge resources.

Mitigations – Cryptocurrency Mining Malware

As long as your server has RCE vulnerability attackers take an advantage of it and include malicious scripts. The cryptocurrency attacks not only compromise the system, it consumes all the system resources.

Trend Micro Suggested Few Mitigation

1. Regular system updates can prevent exploiting the vulnerabilities.
2. Don’t use default system credentials.
3. By placing Intrusion detection system these attacks can be mitigated.


Hash Detected as HKTL_COINMINE.GE
Hash Detected as HKTL_COINMINE.GP
Hash Detected as HKTL_COINMINE.GQ

Source : GBHackers

Previous ArticleNext Article
Send this to a friend