Cyberattackers Exploit Apache ActiveMQ Flaw to Deploy Kinsing Cryptocurrency Miner

The critical remote code execution flaw, CVE-2023-46604, is being actively exploited against Linux hosts running unpatched ActiveMQ brokers, giving the attackers full control of the system.

Nov 21, 2023 - 16:00

Attackers exploiting a critical vulnerability in Apache ActiveMQ, tracked as CVE-2023-46604, have been deploying the Kinsing malware on vulnerable Linux systems to mine cryptocurrency. The mining workload consumes CPU and memory and noticeably degrades the host's performance. Trend Micro researchers identified the attacks, which target ActiveMQ, an open source message broker developed by the Apache Software Foundation.

Kinsing is known for rapidly adopting newly disclosed vulnerabilities in Internet-facing services to break into Linux systems for crypto mining and other malicious activity. In this campaign the group uses publicly available exploits for CVE-2023-46604. These exploits abuse the flaw to have the broker instantiate a Spring ClassPathXmlApplicationContext whose constructor argument is the URL of an attacker-hosted XML file; the bean definition in that file invokes java.lang.ProcessBuilder, giving the attacker shell command execution on the broker host. The commands download and run the Kinsing loader and its cryptocurrency miner.

Once Kinsing gains a foothold on a system, it actively seeks out and kills competing crypto miners and their processes so that it alone consumes the host's resources. It also deletes competing malware's entries from the host's scheduled tasks (crontab) and installs its own, maintaining persistence across reboots.

Trend Micro's analysis traces the root cause to the BaseDataStreamMarshaller class in ActiveMQ's OpenWire protocol implementation. When the broker unmarshals an exception from the wire, it reads a class name and a message from the attacker-controlled stream and instantiates the named class through its single-String constructor, without first checking that the class is actually a Throwable. Because the constructor runs before any cast to Throwable takes place, any class on the broker's classpath that has a public constructor taking a String can be instantiated, and whatever that constructor does is executed. That is what turns a malformed exception frame into remote code execution.
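The following is an added, self-contained illustration of that root cause, written for this article rather than taken from ActiveMQ's source. It shows the shape of the vulnerable logic beside the shape of the fix (a Throwable.class.isAssignableFrom check before the constructor is touched). The Gadget class is a hypothetical, harmless stand-in for the class an attacker names in the frame; in the public exploit that class is Spring's ClassPathXmlApplicationContext and the "message" is the URL of the XML file that invokes ProcessBuilder. The method and class names here are the demo's own, not ActiveMQ's.

```java
import java.lang.reflect.Constructor;

public class ThrowableMarshallingDemo {

    /** Hypothetical stand-in for the attacker's gadget class. Its constructor
     *  only records its argument so the demo is harmless and runs offline;
     *  the point is that the constructor runs at all. */
    public static class Gadget {
        static String lastArgument;
        public Gadget(String arg) {
            lastArgument = arg;   // whatever the constructor does has already happened
        }
    }

    /** Shape of the vulnerable logic: className and message arrive from the
     *  OpenWire frame and are trusted. The cast to Throwable happens only
     *  after newInstance() has run the constructor, and the resulting
     *  ClassCastException is swallowed like any other failure. */
    static Throwable createThrowableVulnerable(String className, String message) {
        try {
            Class<?> clazz = Class.forName(className, false,
                    ThrowableMarshallingDemo.class.getClassLoader());
            Constructor<?> ctor = clazz.getConstructor(String.class);
            return (Throwable) ctor.newInstance(message);
        } catch (Throwable e) {
            return e;
        }
    }

    /** Shape of the fix: reject any class that is not a Throwable before its
     *  constructor can be reached, so a non-Throwable name never runs code. */
    static Throwable createThrowableFixed(String className, String message) {
        try {
            Class<?> clazz = Class.forName(className, false,
                    ThrowableMarshallingDemo.class.getClassLoader());
            if (!Throwable.class.isAssignableFrom(clazz)) {
                throw new IllegalArgumentException(
                        "Class " + clazz.getName() + " is not assignable to Throwable");
            }
            Constructor<?> ctor = clazz.getConstructor(String.class);
            return (Throwable) ctor.newInstance(message);
        } catch (Throwable e) {
            return e;
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: the class name and "message" an attacker
        // would place in the exception frame (attacker.invalid is a placeholder).
        String gadgetName = Gadget.class.getName();          // binary name of the nested class
        String payload = "http://attacker.invalid/poc.xml";

        Gadget.lastArgument = null;
        Throwable t1 = createThrowableVulnerable(gadgetName, payload);
        System.out.println("vulnerable returned " + t1.getClass().getSimpleName()
                + "; gadget constructor ran with: " + Gadget.lastArgument);

        Gadget.lastArgument = null;
        Throwable t2 = createThrowableFixed(gadgetName, payload);
        System.out.println("fixed returned " + t2.getClass().getSimpleName()
                + "; gadget constructor ran: " + (Gadget.lastArgument != null));

        // A genuine exception still round-trips through the fixed path.
        Throwable t3 = createThrowableFixed("java.io.IOException", "disk full");
        System.out.println("fixed accepted " + t3);
    }
}
```

Compile and run with `javac ThrowableMarshallingDemo.java && java ThrowableMarshallingDemo`. The vulnerable path hands back a ClassCastException, which looks like an ordinary decoding error to the caller, yet the gadget's constructor has already executed with the attacker's string; the fixed path refuses the class before any constructor runs and still accepts a real exception class.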

Apache ActiveMQ is widely deployed for its efficient bandwidth usage and support for diverse message types and protocols. The ASF fixed the flaw in late October 2023 in ActiveMQ 5.15.16, 5.16.7, 5.17.6 and 5.18.3. However, many brokers remain unpatched and reachable from the Internet, making them easy targets for groups like Kinsing.

To counter these threats, organizations running Apache ActiveMQ should upgrade to a fixed release promptly. Where patching is delayed, restricting network access to the OpenWire listener (TCP port 61616 by default) to trusted clients removes the attacker's path to the vulnerable code. Beyond that, regular security audits, configuration reviews, and monitoring of network traffic remain essential: outbound connections from the broker process to unfamiliar hosts, unexpected child processes spawned by the broker's Java process, and unexplained crontab changes are all signs consistent with this campaign. These steps are critical to defend against the spread of Kinsing and similar threats that exploit newly disclosed vulnerabilities.