According to Microsoft, the Sysrv botnet is actively targeting vulnerable Windows and Linux servers by abusing vulnerabilities in the Spring Framework and WordPress with the goal of deploying crypto miners.
A new variant of the botnet, discovered by Redmond and tracked as Sysrv-K, comes with extra capabilities such as scanning for unpatched WordPress and Spring deployments.
After finding the vulnerable servers, Sysrv infects them with Monero miners and self-spreader malware payloads.