The sky-high valuations of cryptocurrencies isn't lost on hackers, who are responding with increasingly sophisticated attacks that covertly harness the computers and electricity of unwitting people to generate digital coins worth large sums of money.
One example is a recently uncovered mass hack of servers that has mined about $6,000 worth of the cryptocurrency known as AEON in the past 23 days. Based on the rate the underlying cryptographic hashes are being generated, Morphus Labs Chief Research Officer Renato Marinho estimated that about 450 separate conscripted machines are participating. Marinho analyzed one of the servers and found that attackers gained control over it by exploiting CVE-2017-10271, a critical vulnerability in Oracle's WebLogic package that was patched in October. The owner of the compromised server, however, had yet to install the fix.
"The exploit is pretty simple to execute and comes with a Bash script to make it easy to scan for potential victims," Marinho wrote in a blog post published Sunday. "In this case, the campaign objective is to mine cryptocurrencies, but, of course, the vulnerability and exploit can be used for other purposes."