Cybercriminals are now reportedly exploiting the known vulnerability CVE-2019-3396 in Confluence, a workspace productivity tool made by Atlassian, according to a report by security intelligence firm Trend Micro Inc.
The exploit allows cybercriminals to stealthily install and run a monero (XMR) miner on a vulnerable computer, and to cover up the mining activity by using a rootkit to hide the malware’s network activity and its toll on the host’s central processing unit (CPU). The vulnerability can be avoided by downloading patched versions of Confluence Server and Data Center. This attack targeted Microsoft Windows users with the Windows exploit tool mimikatz and remote control program Radmin. The vulnerability targeted was Windows SMB Server Vulnerability MS17-010, which was patched in 2017. Per the report, online shopping giant Amazon has also been the victim of a monero miner attack. In this case, the attack was executed on a Kubernetes server operating inside Amazon Web Services.