A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected devices.
“The attacker intends to employ a victim’s resources as substantially as doable, not only to install RAR1Ransom for extortion, but also to spread GuardMiner to obtain cryptocurrency,” Fortinet FortiGuard Labs researcher Cara Lin explained in a Thursday report.
The issue, tracked as CVE-2022-22954 (CVSS score: 9.8), concerns a remote code execution vulnerability that stems from a case of server-side template injection.
Although the shortcoming was addressed by the virtualization services provider in April 2022, it has since come under active exploitation in the wild.
Fortinet said it observed in August 2022 attacks that sought to weaponize the flaw to deploy the Mirai botnet on Linux devices as well as RAR1Ransom and GuardMiner, a variant of the XMRig Monero miner.
The Mirai sample is retrieved from a remote server and is designed to launch denial-of-service (DoS) and brute-force attacks aimed at well-known IoT devices by making use of a list of default credentials.
The distribution of RAR1Ransom and GuardMiner, on the other hand, is achieved by means of a PowerShell or a shell script depending on the operating system. RAR1Ransom is also notable for leveraging the legitimate WinRAR utility to initiate the encryption process.
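Because the encryption step runs through a legitimate archiver, a file-hash match on the ransomware binary will not catch it; process command lines are the more useful signal. The following is an added example, not code from Fortinet or the article: it assumes the report does not give RAR1Ransom's exact command line and instead flags any WinRAR invocation that combines WinRAR's documented password switches (`-p`, `-hp`) with removal of the originals (`-df`, `-dw`, or the `m` command). The host names and log lines are constructed.

```python
import re
import shlex

ARCHIVERS = {"rar.exe", "winrar.exe"}
PASSWORD = re.compile(r"^-(hp|p).+", re.IGNORECASE)  # -p<pwd> / -hp<pwd>
DELETE_SRC = {"-df", "-dw"}                          # delete / wipe originals


def reasons_for(cmdline):
    """Return the suspicious traits found in one process command line."""
    try:
        argv = shlex.split(cmdline, posix=False)     # keeps Windows backslashes
    except ValueError:                               # unbalanced quotes
        argv = cmdline.split()
    argv = [a.strip('"') for a in argv]
    if not argv:
        return []
    image = argv[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if image not in ARCHIVERS:
        return []
    args = [a.lower() for a in argv[1:]]
    reasons = []
    # "-p-" means "never ask for a password", so it is not an encryption flag.
    if any(PASSWORD.match(a) and a != "-p-" for a in args):
        reasons.append("password-protected archive")
    # The "m" command moves files into the archive, i.e. deletes the originals.
    if args[:1] == ["m"] or DELETE_SRC & set(args):
        reasons.append("originals removed after archiving")
    return reasons


def flag_events(events):
    """Hosts where an archiver both encrypted and removed the source files."""
    return [host for host, cmd in events if len(reasons_for(cmd)) == 2]


# Constructed process-creation events (host, command line) for illustration.
SAMPLE_EVENTS = [
    ("ws-014", r'"C:\Program Files\WinRAR\rar.exe" a -hpS3cret -df D:\share\docs.rar D:\share\docs'),
    ("ws-020", r"C:\Tools\rar.exe a -r backup.rar C:\Users\alice\Documents"),
    ("ws-021", r"rar.exe a -p- -df logs.rar C:\logs"),
    ("ws-022", r"C:\Tools\7z.exe a -pS3cret out.7z C:\data"),
    ("srv-fs02", r"C:\Temp\WinRAR.exe m -pX9 out.rar C:\data\*"),
]

if __name__ == "__main__":
    for host in flag_events(SAMPLE_EVENTS):
        print("review:", host)
```

Either trait alone is common in backup jobs, so the check only fires when both appear together.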
The findings are yet another reminder that malware campaigns continue to actively exploit recently disclosed flaws to break into unpatched devices, making it essential that users prioritize applying necessary security updates to mitigate such threats.
Some parts of this article are sourced from:
thehackernews.com