Security News > 2023 > November > Apache ActiveMQ bug exploited to deliver Kinsing malware
Attackers are exploiting a recently fixed vulnerability in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on targeted Linux systems.
Apache ActiveMQ is a popular Java-based open source message broker that allows communication between applications and services by translating messages exchanged via different protocols.
Although a patch has been issued in late October, there have been reports of it being exploited by ransomware attackers wielding the HelloKitty ransomware family, as well as to deliver the SparkRAT malware.
Kinsing malware targeting Apache ActiveMQ. "The Kinsing malware is a critical threat that primarily targets Linux-based systems and can infiltrate servers and spread rapidly across a network. It gains entry by exploiting vulnerabilities in web applications or misconfigured container environments," Trend Micro researchers explained.
The attackers exploit CVE-2023-46604 to download and execute Kinsing malware and cryptocurrency mining software.
"Once Kinsing infects a system, it deploys a cryptocurrency-mining script that exploits the host's resources to mine cryptocurrencies like Bitcoin, resulting in significant damage to the infrastructure and a negative impact on system performance," the researchers said.
|2023-10-27||CVE-2023-46604|| Deserialization of Untrusted Data vulnerability in Apache Activemq |
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution.
| 9.8 |