Security News > 2021 > January > New Pro-Ocean malware worms through Apache, Oracle, Redis servers
The financially-motivated Rocke hackers are using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable instances of Apache ActiveMQ, Oracle WebLogic, and Redis.
The new malware is a step up from the previous threat used by the group in that it comes with self-spreading capabilities, blindly throwing exploits at discovered machines.
Rocke cryptojacking hackers have not changed their habit of attacking cloud applications and leverage known vulnerabilities to take control of unpatched Oracle WebLogic and Apache ActiveMQ servers.
The method is not new and is constantly seen in other malware.
Apart from delivering Pro-Ocean it also eliminates competition by terminating other malware and miners running on the infected host.
Although the malware currently takes advantage of just two vulnerabilities, Palo Alto Networks says that the list could be expanding and Pro-Ocean could target any cloud application if its developer decides to add more exploits.
News URL
Related news
- Oracle Cloud says it's not true someone broke into its login servers and stole data (source)
- Oracle Health reportedly warns of info leak from legacy server (source)
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)
- OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers (source)
- Police detains Smokeloader malware customers, seizes servers (source)
- Oracle says "obsolete servers" hacked, denies cloud breach (source)