Friday, April 12, 2024

Hackers Abusing Apache CouchDB Vulnerabilities to Deploy Malware & Mining Monero Cryptocurrency

Cryptocurrency Mining Malware performing a crypto mining attack by exploiting the vulnerabilities in the popular database system.

According to their global Sensor reports the new attacks targetting the vulnerabilities in the popular open source database Apache CouchDB system.

Past few year Crypto currency mining is a very easy method for cybercriminals to Generating the huge revenue by hijacking the Web- browser and injecting the malicious script and taking control of the CPU Usage from the Victims.

Cryptocurrency Mining Malware Mining cryptocurrencies in a legitimate way are quite resource consuming process, so attackers demanding ransom payments and infecting other computers to mine the cryptocurrencies.

Vulnerabilities Exploited – Cryptocurrency Mining Malware

Attackers targetted the patched vulnerabilities CVE-2017-12635 (Apache CouchDB JSON Remote Privilege Escalation Vulnerability) and CVE-2017-12636 (Apache CouchDB _config Command Execution).

Researchers said “exploitation of these vulnerabilities can provide attackers with duplicate keys that allow them access control — including administrator rights — within the system. The attackers can then use these functions to execute arbitrary code.”

CouchDB is one of the popular database management systems and is ranked 27th out of 309 according to DB-engines. By default, it looks like TCP port 5984 and the peak periods of monero mining activity in the first part of February.

Cryptocurrency Mining Malware

By exploiting the vulnerability CVE-2017-12635 attackers can create a CouchDB account with admin privileges and later used the admin account to run the remote code by exploiting the vulnerability CVE-2017-12636.

Also Read Biggest Crypto-Mining Campaign Ever – Hackers Mine $3 Million Worth of Monero Crypto-currency

Cryptocurrencies attack’s using Cryptocurrency Mining Malware is in uprise starting from 2018, mining cryptocurrency requires a computational power. Due to these difficulties, attackers use exploits flaws in organizations that contains huge resources.

Mitigations – Cryptocurrency Mining Malware

As long as your server has RCE vulnerability attackers take an advantage of it and include malicious scripts. The cryptocurrency attacks not only compromise the system, it consumes all the system resources.

Trend Micro Suggested Few Mitigation

1. Regular system updates can prevent exploiting the vulnerabilities.
2. Don’t use default system credentials.
3. By placing Intrusion detection system these attacks can be mitigated.


Hash Detected as HKTL_COINMINE.GE
Hash Detected as HKTL_COINMINE.GP
Hash Detected as HKTL_COINMINE.GQ

Latest articles

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...

Taxi App Vendor Data Leak: 300K Passengers Data Exposed

Around 300,000 taxi passengers' personal information was left exposed on the internet, causing concern...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles