Trusted

Vulnerability in Oracle WebLogic Exploited to Install Malicious Monero Miners

2 mins
Updated by Adam James
Join our Trading Community on Telegram
A vulnerability in Oracle WebLogic Server is being used to install malicious miners, according to Trend Micro. The vulnerability is being actively exploited to set up Monero mining operations on unsuspecting computers.
In April 2019, security notice on CVE-2019-2725 was put out by the National Vulnerability Database regarding a serious issue in the Oracle WebLogic Server component of Oracle Fusion Middleware. The versions affected are 10.3.6.00 and 12.1.3.0.0. The exploit allows attackers to access the network via HTTP to compromise the server. According to the notice, the vulnerability allows for a takeover of Oracle WebLogic Server. However, an investigation by Trend Micro revealed that the issue is far deeper than first thought. In fact, it was being exploited to set up Monero miners on unsuspecting systems.

monero miners

Malicious Miners Exploit Vulnerability

The installation of these malicious miners is apparently quite easy. First, the malware exploits CVE-2019-2725 with a specific command function which forces the system to download a certificate file and save it under %APPDATA% with the file name cert.cer. This was detected by Trend Micro as Coinminer.Win32.MALXMR.TIAOODCJ.component. Although deeply embedded and made to look like a normal Privacy-Enhanced Mail (PEM) certificate, the miner is embedded within it. This certificate is responsible for downloading and executing files relating to the XMR miner payload, the config file for the miner, and other files. It’s unclear how many systems were affected by this breach and how many may still be mining XMR unintentionally. Monero (XMR)

Hidden Threats

The trouble with this particular vulnerability is that it demonstrates how easy certificate files can be used to obfuscate hidden threats. For example, a certificate file can avoid detection by appearing to be “normal.” Yet, Trend Micro has now discovered that such files can easily contain malicious directives for hidden miners. As this exploit catches on, we can likely see more hackers embed mining operations within unsuspecting certificates. The discovery is sure to cause a headache for not just Oracle, but other database management systems. Have you ever been subject to a malicious attack which implanted a hidden miner on your system? How do you protect against it? Let us know your thoughts below. 
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

images-e1706008039676.jpeg
Advertorial
Advertorial is the universal author name for all the sponsored content provided by BeInCrypto partners. Therefore, these articles, created by third parties for promotional purposes, may not align with BeInCrypto views or opinion. Although we make efforts to verify the credibility of featured projects, these pieces are intended for advertising and should not be regarded as financial advice. Readers are encouraged to conduct independent research (DYOR) and exercise caution. Decisions based on...
READ FULL BIO
Sponsored
Sponsored