Microsoft is warning of a new variant of the Sysrv botnet
that’s exploiting multiple security flaws in web applications and
databases to install coin miners on both Windows and Linux
systems.
The new version, which the tech giant has called Sysrv-K,
is said to weaponize an array of exploits[1]
to gain control of web servers. The cryptojacking botnet first
emerged in December 2020.
“Sysrv-K scans the internet to find web servers with various
vulnerabilities to install itself,” the company said[2]
in a series of tweets. “The vulnerabilities range from path
traversal and remote file disclosure to arbitrary file download and
remote code execution vulnerabilities.”
This also includes CVE-2022-22947[3]
(CVSS score: 10.0), a code injection vulnerability in Spring Cloud
Gateway that could be exploited to allow arbitrary remote execution
on a remote host via a maliciously crafted request.
It’s worth noting that the abuse of CVE-2022-22947 has prompted
the U.S. Cybersecurity and Infrastructure Security Agency to add
the flaw to its Known Exploited Vulnerabilities
Catalog[4].
A key differentiator is that Sysrv-K scans for WordPress
configuration files and their backups to fetch database
credentials, which are then used to hijack web servers. It’s also
said to have upgraded its command-and-control communication
functions to make use of a Telegram Bot[5].
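
A defender-side check for the exposure described above, as an added example that is not from Microsoft or the original article: it walks a web root for copies of wp-config.php that still contain database settings and flags those a web server would return as plain text. The function names, the sample file names and the rule that only *.php files are executed rather than served are assumptions about a typical setup.

```python
import os
import re
import tempfile

# Matches define('DB_PASSWORD', 'x') and similar settings with a non-empty value.
DB_DEFINE = re.compile(
    rb"define\(\s*['\"]DB_(PASSWORD|USER|NAME|HOST)['\"]\s*,\s*['\"][^'\"]+['\"]")

def find_config_copies(web_root):
    """Report wp-config copies under web_root that still hold DB settings."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            lower = name.lower()
            if "wp-config" not in lower or lower == "wp-config-sample.php":
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1 << 20)
            except OSError:
                continue  # unreadable by the auditing user; review separately
            keys = sorted({"DB_" + m.group(1).decode() for m in DB_DEFINE.finditer(data)})
            if keys:
                findings.append({
                    "path": path,
                    # Assumption: only *.php reaches the PHP handler; other names are served raw.
                    "served_as_text": not lower.endswith(".php"),
                    "keys": keys,  # setting names only, never the values
                })
    return sorted(findings, key=lambda f: f["path"])

def build_sample_tree(root):
    """Write a constructed sample web root (not real data)."""
    cfg = "<?php\ndefine( 'DB_USER', 'wp' );\ndefine( 'DB_PASSWORD', 'constructed-secret' );\n"
    files = {"wp-config.php": cfg, "wp-config.php.bak": cfg, "old/wp-config.php~": cfg,
             "wp-config-sample.php": cfg, "wp-config.txt": "define('DB_PASSWORD', '');",
             "index.php": "<?php // nothing here"}
    for rel, body in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for finding in find_config_copies(root):
            print(finding)
```

Any finding with served_as_text set should be removed from the web root and its database password rotated.
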
Once a machine is infected, lateral movement is facilitated through SSH keys[6]
available on the victim machine to deploy copies of the malware to
other systems and grow the botnet’s size, effectively putting the
entire network at risk.
“The Sysrv malware takes advantage of known vulnerabilities to
spread their Cryptojacking malware,” Lacework Labs researchers
noted[7]
last year. “Ensuring public facing applications are kept up to date
with the latest security patches is critical to avoid opportunistic
adversaries from compromising systems.”
Besides securing internet-exposed servers, Microsoft is
additionally advising organizations to apply security updates in a
timely fashion and build credential hygiene to reduce risk.
References
[1] array of exploits (blogs.juniper.net)
[2] said (twitter.com)
[3] CVE-2022-22947 (tanzu.vmware.com)
[4] Known Exploited Vulnerabilities Catalog (thehackernews.com)
[5] Telegram Bot (thehackernews.com)
[6] SSH keys (en.wikipedia.org)
[7] noted (www.lacework.com)
Read more https://thehackernews.com/2022/05/new-sysrv-botnet-variant-hijacking.html