Recently discovered critical PHP vulnerability is used in DDoS attacks

Several cybercrime groups have taken advantage of the recently disclosed critical PHP vulnerability, which is now being used to spread Trojans and malicious cryptominers and to launch DDoS attacks.

We wrote about the issue that received the CVE-2024-4577 identifier in June. It was identified by Devcore specialist Orange Tsai. On the CVSS scale, the flaw was assigned 9.8 points.

Using the appropriate exploit, attackers can remotely execute arbitrary commands on Windows systems where Japanese and Chinese language packs are installed.

Researchers from Akamai this week reported attempts to exploit CVE-2024-4577 in real cyber attacks. According to them, within a day after the publication of information about the vulnerability, their honeypot servers had already recorded attacks by intruders.

The attackers tried to deliver the Gh0st Trojan, which opens remote access to the system, and the RedTail and XMRig cryptominers, as well as to add the device to the Muhstik DDoS botnet.

"The attackers sent a request that was previously observed in RedTail operations, trying to take advantage of the soft transfer flaw in %ADd and thus execute the wget request for the shell script. The latter sends an additional request to the same Russian IP address to get the x86 version of the malicious RedTail miner," the researchers write.
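For defenders, the `%ADd` marker in the quoted request can be hunted in web server access logs. The following is an added example, not part of the original post or of Akamai's report: it flags requests whose query string contains a word starting with the percent-encoded byte 0xAD (soft hyphen). The log format, paths, parameter names and addresses are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')
SOFT_HYPHEN = 0xAD  # the byte behind "%AD" in the request quoted above


def injected_args(target):
    """Return query-string words whose first decoded byte is 0xAD."""
    _, _, query = target.partition("?")
    hits = []
    for token in query.split("+"):      # "+" separates CGI command-line words
        raw = unquote_to_bytes(token)   # handles %AD and %ad alike
        if raw[:1] == bytes([SOFT_HYPHEN]):
            hits.append(token)
    return hits


def scan(lines):
    """Return (line number, method, suspicious words) for each flagged entry."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        hits = injected_args(match.group("target"))
        if hits:
            findings.append((lineno, match.group("method"), hits))
    return findings


# Constructed sample entries (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jul/2024:08:14:02 +0000] "POST /index.php?%ADd+opt%3d1 HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Jul/2024:08:14:09 +0000] "GET /search.php?q=soft%ADhyphen+test HTTP/1.1" 200 2048',
    '198.51.100.4 - - [10/Jul/2024:08:15:30 +0000] "GET /index.php?page=2 HTTP/1.1" 200 1024',
    '203.0.113.9 - - [10/Jul/2024:08:16:44 +0000] "POST /test.php?%add+opt%3d1+%adx HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for lineno, method, hits in scan(SAMPLE_LOG):
        print(f"line {lineno}: {method} request with 0xAD-prefixed words {hits}")
```

A soft hyphen in the middle of a value, as in the second sample entry, is not flagged; only words that begin with the byte are reported.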