The Kinsing threat actors are actively exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits.
Kinsing is a Linux malware family with a history of targeting misconfigured containerized environments for cryptocurrency mining, often utilizing compromised server resources to generate illicit profits for the threat actors.
The latest campaign entails the abuse of CVE-2023-46604 (CVSS score: 10.0), an actively exploited critical vulnerability in Apache ActiveMQ that enables remote code execution, permitting the adversary to download and install the Kinsing malware.
“Kinsing doubles down on its persistence and compromise by loading its rootkit in /etc/ld.so.preload, which completes a full system compromise,” Girnus said.
In light of the continued exploitation of the flaw, organizations running affected versions of Apache ActiveMQ are advised to update to a patched version as soon as possible to mitigate potential threats.
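The persistence mechanism named in the quote above depends on `/etc/ld.so.preload`, a file the dynamic linker reads to load the listed shared objects into every dynamically linked process. The following check is an added example, not code from the original article; the function names, output tags and the list of "standard" library directories are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the dynamic linker's global preload file.
# The file is absent or empty on most servers, so every entry is reported.

# Heuristic (assumption): libraries normally live under these prefixes.
is_standard_dir() {
    case "$1" in
        /lib/*|/lib64/*|/usr/lib/*|/usr/lib64/*|/usr/local/lib/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one line per preload entry; returns 1 if any entry exists, else 0.
audit_preload() {
    preload_file="${1:-/etc/ld.so.preload}"
    [ -f "$preload_file" ] || return 0      # no file: nothing is preloaded

    # Drop '#' comments, then split on whitespace (and colons, to be safe).
    report=$(sed 's/#.*//' "$preload_file" | tr ':\t ' '\n\n\n' |
        while IFS= read -r lib; do
            [ -n "$lib" ] || continue
            if [ ! -e "$lib" ]; then
                # Listed but not visible: deleted, or hidden from this shell.
                echo "MISSING $lib"
                continue
            fi
            tag="REVIEW"
            is_standard_dir "$lib" || tag="UNUSUAL-PATH"
            digest=$(sha256sum "$lib" 2>/dev/null | cut -d' ' -f1)
            echo "$tag $lib sha256=${digest:-unavailable}"
        done)

    [ -n "$report" ] || return 0
    printf '%s\n' "$report"
    return 1
}

# Typical use on a host under review:
#   audit_preload /etc/ld.so.preload || echo "preload entries found, investigate"
```

A preloaded library can hook libc calls made by dynamically linked tools, so for trustworthy results run the check from a statically linked BusyBox build or against a mounted disk image.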
The disclosure comes as the AhnLab Security Emergency Response Center (ASEC) is warning of cyber attacks targeting vulnerable Apache web servers for a cryptojacking campaign that leverages Cobalt Strike or Gh0st RAT to deliver a cryptocurrency miner.
Source: https://thehackernews.com/