Hackers have been actively exploiting critical vulnerabilities in older versions of Rejetto’s HTTP File Server to install Monero mining malware and other malicious software.
Hackers have found a way to exploit old versions of HTTP File Server (HFS), software designed for publishing and sharing files, to deploy malicious Monero mining software, BleepingComputer reports, citing data from cybersecurity firm AhnLab.
The exploit appears to revolve around a critical vulnerability identified in HFS versions up to 2.3m that allows threat actors to execute arbitrary commands remotely without requiring authentication, making it easier for attackers to take control.
AhnLab reports that it has documented multiple cases in which attackers deployed a variety of malicious payloads beyond simple system compromise, including XMRig, software designed to mine Monero (XMR), and remote access trojans (RATs) such as XenoRAT and Gh0stRAT. The scale of these attacks and the amount of Monero mined are unknown.
In response to the vulnerability, Rejetto reportedly issued a warning, confirmed the bug, and recommended against using versions 2.3m to 2.4, stating that they are “dangerous and should not be used going forward.”
Cybercriminals prefer to install XMRig on infected devices because Monero's strong privacy features make transactions difficult to trace. XMRig is efficient and versatile, so it can run on a wide variety of hardware, and it is open source, so it can be easily modified. It can also run silently in the background, minimizing the chances of detection.