CYBERCRIMINALS MINE XMR USING VULNERABILITIES IN OLDER VERSIONS OF CONFLUENCE ATLASSIAN

According to the analytical company Trend Micro, cybercriminals use the vulnerability CVE-2019-3396 in the Confluence Atlassian software for hidden mining of monero.

The vulnerability could allow cybercriminals to covertly install and run XMR miner on a computer, as well as hide mining activity using a rootkit to hide network malware activity and reduce CPU load.

According to the security best practices of the creators of the Confluence Atlassian teamwork platform, this vulnerability only applies to some older versions of Confluence. The problem can be solved by downloading the corrected versions of Confluence Server and Data Center.

Last year, Trend Micro reported that the number of crypto-jacking attacks increased by 956% from the first half of 2017 to the first half of 2018. And hackers began a sharp competition among themselves for the resources of hacked computers.