Malware Threatens to Turn Search Engine into Crypto Mining Botnet

Samuel Haig

24 Jul 2019
/
In #Security

Cybersecurity firm Trend Micro has discovered a new malware strain that threatens to turn the enterprise search engine Elasticsearch into a cryptocurrency mining botnet capable of being used in a distributed denial of service (DDoS) attacks.

Malware Differs From Conventional Profit-Motivated Attacks

Trend Micro describes the new malware as different from typical “profit-driven” attack by “delivering backdoors as its payload.” According to the cybersecurity firm: “these threats can turn affected targets into botnet zombies used in [DDoS] attacks.”

The malware attacks its victims by searching for “exposed or publicly accessible Elasticsearch databases/servers.” The virus is specifically designed to exploit an old Elasticsearch exploit that has since been updated.

The virus then invokes “a shell with an attacker-crafted search query with encoded Java commands,” before downloading a malicious script from an already compromised website that attempts to shut down the infected computer’s firewall. The malware ceases any existing cryptocurrency mining activities, in addition to any computational process that may interfere with its operation, and then removes traces of the initial infection. The virus then downloads a second script, again from a compromised website.

The cybersecurity firm stated that “the ways that the scripts are retrievable are notable,” which used expendable domains which “allows the attackers to swap URLs as soon as they are detected.”

Hackers May Just Be Getting Warmed Up

Trend Micro states that the virus “bear[s] the hallmarks of the BillGates malware,” which was first discovered in 2014 and can be “used to hijack systems and initiate DDoS attacks.” The cybersecurity firm notes that it has recently seen variants of the BillGates malware involved in various “botnet-related activities”.

Trend Micro speculates that the actors behind the virus may be “just testing their hacking tools or readying their infrastructure before mounting actual attacks,” highlighting that the attackers “used URL encoding, staged where the scripts are retrieved, and compromised legitimate websites.”

During the first quarter of 2019, Cisco’ Talos Security Intelligence and Research Group reported a sudden spike in the number of malicious actors targeting unsecured Elasticsearch servers. According to Cisco Talis, the attacks leveraged “old vulnerabilities to pass scripts to search queries and drop […] both malware and cryptocurrency miners on victim machines.”

Disclaimer

The views and opinions expressed by the author, or any people mentioned in this article, are for informational purposes only, and they do not constitute financial, investment, or other advice. Investing in or trading cryptoassets comes with a risk of financial loss.

Malware Threatens to Turn Search Engine into Crypto Mining Botnet

Malware Differs From Conventional Profit-Motivated Attacks

Hackers May Just Be Getting Warmed Up

Disclaimer

Related Articles

XRP Ledger’s Decentralized Exchange Sees Total Value Locked Soar Over 7.5 Million $XRP

Shiba Inu’s Supply on Exchanges Drops to Two-Year Low as $SHIB Price Surges

Standard Chartered Remains Bullish on Crypto as Ether ETF Approval Delays are ‘Priced in’

You Might Like

Most Read

“Bitcoin Is No Longer ‘Cheap’ and Is Considered To Be Trading at ‘Fair’ Value”: Fidelity Digital Assets Report

Crypto Analyst Who Nailed 2018 Bottom Says Bitcoin Will Hit New High in Weeks, Predicts $120,000 Cycle Top

TON Foundation Launches USDT on Telegram’s Integrated Blockchain: A Milestone for Global Crypto Payments

Mainland Chinese Investors Likely Barred from Hong Kong’s Spot Bitcoin and Ether ETFs, Say Bloomberg Analysts

Bitcoin Price Falls as Fed Chair Powell Expresses Caution on Rate Cuts