Security News > 2023 > November > Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits
The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems.
Kinsing malware targets Linux systems and its operator is notorious for leveraging known flaws that are often overlooked by system administrators.
"Currently, there are existing public exploits that leverage the ProcessBuilder method to execute commands on affected systems," the researchers explain.
"In the context of Kinsing, CVE-2023-46604 is exploited to download and execute Kinsing cryptocurrency miners and malware on a vulnerable system" - Trend Micro.
To mitigate the threat, system administrators are recommended to upgrade Apache Active MQ to versions 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which address the security issue.
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online.
News URL
Related news
- MATA malware framework exploits EDR in attacks on defense firms (source)
- VMware warns admins of public exploit for vRealize RCE flaw (source)
- RCE exploit for Wyze Cam v3 publicly released, patch now (source)
- 3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online (source)
- TellYouThePass ransomware joins Apache ActiveMQ RCE attacks (source)
- CISA warns of actively exploited Juniper pre-auth RCE exploit chain (source)
- New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar (source)
- Exploit for CrushFTP RCE chain released, patch now (source)
- Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits (source)
- Apache ActiveMQ bug exploited to deliver Kinsing malware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-27 | CVE-2023-46604 | Deserialization of Untrusted Data vulnerability in Apache Activemq The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. | 9.8 |