
Mining Trojan 4SHMiner Controls Roughly 15k Cloud Servers For Mining

Tracy Chen


On November 18, Tencent's Cloud Workload Protection (CWP) service detected the mining Trojan 4SHMiner exploiting the Apache Shiro deserialization vulnerability CVE-2016-4437 to attack cloud servers. After a successful intrusion, the 4SHMiner mining group executes a command to download 4.sh and the mining Trojan XMRig, then achieves persistence through a Linux service, a systemctl service, the system configuration file $HOME/.profile, crontab scheduled tasks, and similar mechanisms.

Security experts at Tencent Security recommend that companies check whether their servers are running Apache Shiro version 1.2.5 or newer.
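A triage sketch for the persistence mechanisms listed above, added here as an example and not taken from Tencent's report. Only `4.sh`, XMRig and `$HOME/.profile` come from the article; the function name `scan_persistence`, the match pattern and the list of standard Linux paths it checks are assumptions.

```shell
#!/bin/sh
# Added example: search common Linux persistence locations for references
# to the two artifacts the article names (4.sh and XMRig).
# Passing a root directory lets the scan run against a mounted disk image.

# "4.sh" as a whole file name (not backup4.sh or 4.shadow), or "xmrig"
# anywhere; grep -i below makes the match case-insensitive.
IOC_PATTERN='(^|[^[:alnum:]_.-])4\.sh([^[:alnum:]_]|$)|xmrig'

# scan_persistence ROOT
#   Prints "path:line:text" for every hit.
#   Returns 0 if at least one hit was found, 1 if every location is clean.
scan_persistence() {
    root="${1%/}"        # "/" becomes "", so paths below stay absolute
    hits=0
    # Assumed mapping of the article's mechanisms to standard paths:
    #   Linux service     -> /etc/init.d, /etc/rc.local
    #   systemctl service -> systemd unit directories
    #   crontab tasks     -> system and per-user cron files
    #   $HOME/.profile    -> root and every user under /home
    for p in \
        "$root/etc/init.d" "$root/etc/rc.local" \
        "$root/etc/systemd/system" "$root/usr/lib/systemd/system" \
        "$root/etc/crontab" "$root/etc/cron.d" "$root/var/spool/cron" \
        "$root"/root/.profile "$root"/home/*/.profile
    do
        [ -e "$p" ] || continue          # skip paths absent on this host
        if grep -rEinH -- "$IOC_PATTERN" "$p" 2>/dev/null; then
            hits=1
        fi
    done
    [ "$hits" -eq 1 ]
}
```

Run `scan_persistence /` as root on a live host, or pass the mount point of a disk image. A clean result covers only these paths and these two names, so it does not rule out renamed files.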
