
Threat actors are exploiting a serious security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) such as Quasar RAT.

The vulnerability, tracked as CVE-2024-4577, is an argument injection flaw in PHP that affects Windows-based systems running PHP in CGI mode and could allow remote attackers to execute arbitrary code. It stems from Windows "best-fit" character conversion under certain locales, which turns a soft hyphen in a crafted query string into a regular hyphen so that php-cgi parses it as a command-line option.

Cybersecurity company Bitdefender said it has observed a spike in attempts to exploit CVE-2024-4577 since late last year, with the largest concentrations in Taiwan (54.65%), Hong Kong (27.06%), Brazil (16.39%), Japan (1.57%), and India (0.33%).
Around 15% of the exploitation attempts detected involved basic vulnerability checks using commands such as "whoami" and "echo <test_string>". Another 15% involved system reconnaissance commands, covering process enumeration, network discovery, user and domain information gathering, and system metadata collection.

Martin Zugec, Bitdefender's Chief Technical Solutions Officer, noted that at least 5% of the detected attacks ended with the installation of the XMRig cryptocurrency miner.
“Another small campaign involved the deployment of NiceHash miners, a platform that allows users to sell computing power for cryptocurrency,” Zugec added. “The miner process was disguised as a legitimate application, such as javawindows.exe, to avoid detection.”
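As an added illustration (not Bitdefender's or the PHP project's code), the Python below flags CVE-2024-4577-style requests in web traffic and sorts the injected payload into the stages described above: basic scanning (whoami/echo), reconnaissance, and miner deployment. The sample records are constructed, and the reconnaissance command list (tasklist, ipconfig, systeminfo, net user/group) is an assumed expansion of the categories in the article, which itself names only whoami, echo, XMRig, NiceHash and javawindows.exe.

```python
"""Detection sketch for CVE-2024-4577 (PHP-CGI argument injection on Windows).

Added example for this article, not code from Bitdefender or the PHP project.
The log records and the command-to-stage mapping below are constructed/assumed.
"""
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

# PHP-CGI treats a query string that contains no raw '=' as command-line
# arguments (RFC 3875 section 4.4). On Windows, under certain code pages,
# "best-fit" conversion maps the soft hyphen 0xAD to '-', so "%ADd" reaches
# php-cgi as the "-d" option and lets the attacker override php.ini directives.
_ARG_INJECT = re.compile(
    rb"(?:-|\xad)d[ +]*(?:allow_url_include|auto_prepend_file)", re.IGNORECASE
)


def is_cve_2024_4577_attempt(request_target: str) -> bool:
    """True when the request-target looks like a PHP-CGI argument injection."""
    _, sep, query = request_target.partition("?")
    if not sep or "=" in query:
        # A raw '=' makes the gateway pass the query as QUERY_STRING,
        # not as argv, so this form of the attack does not apply.
        return False
    # Work on bytes: the 0xAD soft hyphen is the tell before best-fit mapping.
    return _ARG_INJECT.search(unquote_to_bytes(query)) is not None


# Post-exploitation stages from the article. Only whoami, echo, XMRig, NiceHash
# and javawindows.exe are named there; the recon commands are assumed examples
# of "process enumeration, network discovery, user/domain info, system metadata".
_STAGES = (
    ("miner", re.compile(r"xmrig|nicehash|javawindows\.exe", re.I)),
    ("recon", re.compile(r"\b(?:tasklist|ipconfig|systeminfo|net\s+(?:user|group))\b", re.I)),
    ("scan", re.compile(r"\bwhoami\b|\becho\s+\S+", re.I)),
)


def classify_payload(body: str) -> str:
    """Map the PHP body injected via auto_prepend_file=php://input to a stage."""
    for stage, pattern in _STAGES:
        if pattern.search(body):
            return stage
    return "unknown"


def triage(records):
    """records: iterable of (request_target, body). Returns per-stage counts
    for the records that look like CVE-2024-4577 attempts."""
    counts = Counter()
    for target, body in records:
        if is_cve_2024_4577_attempt(target):
            counts[classify_payload(body)] += 1
    return counts


# Constructed sample traffic (not real captures).
SAMPLE = [
    ("/test.hello?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input",
     "<?php system('whoami'); ?>"),
    ("/index.php?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input",
     "<?php system('echo fgh7x2'); ?>"),
    ("/php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input",
     "<?php system('tasklist & ipconfig /all & net user'); ?>"),
    # Plain '-d' (no soft hyphen) is the older CVE-2012-1823 form; same regex.
    ("/cgi-bin/php?-d+auto_prepend_file%3dphp://input",
     r"<?php system('C:\Users\Public\javawindows.exe'); ?>"),
    # Benign: a raw '=' means the query is not passed as argv.
    ("/index.php?page=home", ""),
]

if __name__ == "__main__":
    print(dict(triage(SAMPLE)))
```

Run against the constructed sample it reports two scanning attempts, one reconnaissance attempt and one miner drop, and ignores the benign request. The raw-`=` check is the important caveat: the attack only works when the query string reaches php-cgi as argv, so a detector that simply looks for `%AD` anywhere in the URL will both miss URL-encoded variants and fire on ordinary traffic.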