Sysrv-hello Cryptomining Botnet Targeting Windows, Linux Servers
A recently discovered botnet dubbed Sysrv-hello has been actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero (XMRig) miner and self-spreader malware payloads. The botnet has recently been upgraded to use a single binary capable of both mining and auto-spreading the malware to other devices by scanning the Internet for more vulnerable systems. According to Lacework Labs researchers, the attackers are targeting cloud workloads through remote code injection/remote code execution vulnerabilities in PHPUnit, Apache Solr, Confluence, Laravel, JBoss, Jira, Sonatype, Oracle WebLogic and Apache Struts to gain initial access.