Home > Cyber News > CVE-2019-2725 Oracle WebLogic Server Flaw Leads To Monero Miner Infections
CYBER NEWS

CVE-2019-2725 Oracle WebLogic Server Flaw Leads To Monero Miner Infections

by   |  Last Update:  |  0 Comments  

The CVE-2019-2725 vulnerability which is exhibited in the Oracle WebLogic Server application was abused by hackers leading to Monero miner infections. Several security reports indicate that criminal groups are taking advantage of the bug and are set onto infecting as many computer users as possible with cryptocurrency miners.




Oracle WebLogic Server Flaw and Its CVE-2019-2725 Bug Are Used To Infect Hosts With Monero Miners

The Oracle WebLogic Server as one of the most widely used enterprise solutions has been found to be impacted with a dangerous flaw. It is being tracked in the CVE-2019-2725 advisory which shows how the server can be hacked by malicious users. Using the fault the remote attackers can start a PowerShell command on the server which will trigger a payload download of a certificate file to the host. The certification utility will then decode the contents of the file which will lead to an uncompressed file. In the current attack the final payload is a Monero miner.

During this particular campaign the following list of files have been deployed onto the victim computers:

  • Sysupdate.exe — This is the main Monero miner file
  • Config.json — This is the accompanying configuration file
  • Networkservce.exe — This is another module which is probably being used for the distribution of the payloads.
  • Update.ps1 — This file contains the PowerShell script which is run in memory.
  • Sysguard.exe #— This is the watchdog that monitors the activity of the Monero miner.
  • Clean.bat — This is the clean-up utility.

The defining characteristic of this campaign is that the obfuscation technique is done via the security certificate files. The cryptocurrency miner code will be installed as a persistent threat thereby making it very difficult to remove. As always the presence of such malicious code will start a sequence of tasks that will place a heavy toll on the performance and stability of the system. Whenever one of them is reported as complete the criminals will receive income in the form of cryptocurrency that will be directly transferred to their wallets. Oracle have patched the vulnerability and are urging customers to update their installations as soon as possible.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts

Follow Me:
Twitter

Related posts:
  1. Oracle Patches 342 Flaws, Most Critical of Which Is CVE-2019-2729 in Oracle WebLogic Server New Oracle WebLogic Server vulnerabilities were just reported with the...
  2. CVE-2019-2568 in Oracle WebLogic Endangers 36,000 Servers Another day, another vulnerability. The cybersecurity mantra is giving us...
  3. WaterMiner Monero Miner Is the Newest Cryptocurrency Malware The dangerous trend of creating new ways to infect client...
  4. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  5. CVE-2018-3110: Critical Vulnerability in Oracle Database Disclosed Another day, another vulnerability that needs to be patched as...
  6. CryptoLoot Coinhive Monero Miner – How to Remove from Your PC This article has the goal to show you how to...
  7. Double Monero Miners Target Computers Worldwide in an Ongoing Attack Monero miners are one of the most popular cryptocurrency-related malware...
  8. Google Versus Oracle Over Android API. Google 1: Oracle 0 Have you heard of the lawsuit between Google and Oracle?...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree