Cybersecurity researchers have identified a campaign exploiting CVE-2021-41773, a severe path traversal vulnerability in Apache HTTP Server version 2.4.49. The attack uses compromised legitimate websites to deliver the Linuxsys cryptocurrency miner. Because those sites have valid SSL certificates, the technique helps the attackers evade detection. Earlier campaigns delivering the Linuxsys miner also exploited flaws in other systems. The malware download sequence includes shell scripts designed for simple execution, increasing the likelihood of successful infection.
"The attacker leverages compromised legitimate websites to distribute malware, enabling stealthy delivery and evasion of detection," VulnCheck said in a report shared with The Hacker News.
"This approach is clever because victims connect to legitimate hosts with valid SSL certificates, making detection less likely," VulnCheck noted.