According to recent information, reporthackers are exploiting security flaws in XWiki, a web-based platform for content creation, to run programs on computers they don’t own.
A bug in XWiki’s template system allowed malicious parties to mine the Monero (XMR) cryptocurrency without permission.
The hacker sends a request to download a small program (x640) to the unfortunate victim’s computer. Another request then runs this program, and the program downloads two more scripts (x521 and x522) that install and run the Monero miner (tcrond) to stop other mining on the infected machine.
Monero tokens mined on hacked computers will be sent via: c3pool.org.
The Hacker News report, which cited data from CISA, also mentioned a security flaw in DELMIA Apriso that allowed hackers to remotely execute code in a similar manner.
How can I protect my computer?
Anyone who may have been a victim of cryptojacking (the illegal mining of cryptocurrencies using someone else’s machine) should block their IP and monitor their network for connections. c3pool.org.
Of course, if files related to the miner are found on your existing computer, you should also delete those files.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
