Hackers are currently exploiting a critical Apache ActiveMQ vulnerability to infect Linux machines with the Kinsing malware and its cryptocurrency miner.
In a blog post published on November 20, Trend Micro researchers reported that exploitation of the CVE-2023-46604 vulnerability in the open-source ActiveMQ protocol yields remote code execution (RCE), which Kinsing uses to download and install its malware.
Once a system is infected, Kinsing deploys a cryptocurrency-mining script that consumes the host’s resources to mine cryptocurrencies such as Bitcoin. This not only causes substantial damage to infrastructure but also degrades system performance.
The Kinsing malware poses a significant threat and focuses primarily on Linux-based systems, the researchers added. It is able to infiltrate servers and spread rapidly throughout a network, gaining entry by exploiting vulnerabilities in web applications or misconfigured container environments.
“Organizations that use Apache ActiveMQ must take immediate action to patch CVE-2023-46604 as soon as possible and mitigate the risks associated with Kinsing,” the researchers said in the post. “Given the malware’s ability to spread across networks and exploit multiple vulnerabilities, it is important to maintain up-to-date security patches, regularly audit configurations, and monitor network traffic for unusual activity, all of which are critical components of a comprehensive cybersecurity strategy.”
The vulnerability’s root cause lies in a problem related to the validation of throwable class types during the unmarshalling of OpenWire commands, the researchers noted.
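To make the root cause described above concrete, the following Java program is an added illustration written for this article; it is not ActiveMQ's code and does not reproduce its OpenWire marshaller. It models the defect class in miniature: a class name and message arrive from an untrusted stream (the `WireException` record and both sample values are constructed stand-ins), and an "unsafe" routine instantiates whatever class the name resolves to, while the hardened routine refuses to construct anything that is not a `Throwable`. The names `createThrowableUnsafe` and `createThrowableChecked` are assumed for this example; the check they differ by is the category of validation the text says was missing.

```java
import java.lang.reflect.Constructor;

// Added illustration (not ActiveMQ code) of validating a throwable class type
// before instantiating it from a name supplied by an untrusted stream.
// Requires Java 16+ for the record syntax.
public class ThrowableUnmarshalDemo {

    // Constructed stand-in for the (className, message) pair read off the wire.
    record WireException(String className, String message) {}

    // Unsafe pattern: trusts the class name from the stream and instantiates
    // whatever it resolves to, so a non-exception class gets constructed.
    static Object createThrowableUnsafe(WireException wire) throws Exception {
        Class<?> clazz = Class.forName(wire.className());
        Constructor<?> ctor = clazz.getConstructor(String.class);
        return ctor.newInstance(wire.message());
    }

    // Hardened pattern: resolve the class WITHOUT initialising it (no static
    // initialiser runs for an unexpected class), then refuse anything that is
    // not assignable to Throwable before any constructor is invoked.
    static Throwable createThrowableChecked(WireException wire) throws Exception {
        Class<?> clazz = Class.forName(wire.className(), false,
                ThrowableUnmarshalDemo.class.getClassLoader());
        if (!Throwable.class.isAssignableFrom(clazz)) {
            throw new IllegalArgumentException(
                    "rejected non-Throwable class from wire: " + wire.className());
        }
        Constructor<?> ctor = clazz.getConstructor(String.class);
        return (Throwable) ctor.newInstance(wire.message());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: one genuine exception type, one class that
        // merely happens to have a (String) constructor but is not a Throwable.
        WireException legitimate = new WireException("java.lang.IllegalStateException", "broker reported an error");
        WireException bogus = new WireException("java.lang.StringBuilder", "not an exception at all");

        System.out.println("checked, legitimate: " + createThrowableChecked(legitimate));

        // The unsafe path happily builds a StringBuilder from the wire data.
        Object built = createThrowableUnsafe(bogus);
        System.out.println("unsafe, bogus: constructed " + built.getClass().getName());

        // The hardened path rejects the same input before construction.
        try {
            createThrowableChecked(bogus);
        } catch (IllegalArgumentException e) {
            System.out.println("checked, bogus: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac ThrowableUnmarshalDemo.java && java ThrowableUnmarshalDemo`. The design point is that the type check must happen on the resolved `Class` object before `newInstance`, and the class should be loaded with initialisation disabled, so that neither a constructor nor a static initialiser of an unexpected class ever executes on attacker-influenced input.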
Reports emerged earlier this month
Read more on cryptonews.com