New Pro-Ocean malware worms through Apache, Oracle, Redis servers
2021-01-29 19:06

The financially-motivated Rocke hackers are using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable instances of Apache ActiveMQ, Oracle WebLogic, and Redis.

The new malware is a step up from the previous threat used by the group in that it comes with self-spreading capabilities, blindly throwing exploits at discovered machines.

Rocke cryptojacking hackers have not changed their habit of attacking cloud applications and leverage known vulnerabilities to take control of unpatched Oracle WebLogic and Apache ActiveMQ servers.

The method is not new and is constantly seen in other malware.

Apart from delivering Pro-Ocean, it also eliminates competition by terminating other malware and miners running on the infected host.

Although the malware currently takes advantage of just two vulnerabilities, Palo Alto Networks says that the list could be expanding and Pro-Ocean could target any cloud application if its developer decides to add more exploits.


News URL

https://www.bleepingcomputer.com/news/security/new-pro-ocean-malware-worms-through-apache-oracle-redis-servers/