Security News > 2023 > November > Apache ActiveMQ bug exploited to deliver Kinsing malware

Apache ActiveMQ bug exploited to deliver Kinsing malware
2023-11-21 11:49

Attackers are exploiting a recently fixed vulnerability in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on targeted Linux systems.

Apache ActiveMQ is a popular Java-based open source message broker that allows communication between applications and services by translating messages exchanged via different protocols.

Although a patch has been issued in late October, there have been reports of it being exploited by ransomware attackers wielding the HelloKitty ransomware family, as well as to deliver the SparkRAT malware.

Kinsing malware targeting Apache ActiveMQ. "The Kinsing malware is a critical threat that primarily targets Linux-based systems and can infiltrate servers and spread rapidly across a network. It gains entry by exploiting vulnerabilities in web applications or misconfigured container environments," Trend Micro researchers explained.

The attackers exploit CVE-2023-46604 to download and execute Kinsing malware and cryptocurrency mining software.

"Once Kinsing infects a system, it deploys a cryptocurrency-mining script that exploits the host's resources to mine cryptocurrencies like Bitcoin, resulting in significant damage to the infrastructure and a negative impact on system performance," the researchers said.


News URL

https://www.helpnetsecurity.com/2023/11/21/apache-activemq-kinsing-malware/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-10-27 CVE-2023-46604 Deserialization of Untrusted Data vulnerability in Apache Activemq
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution.
network
low complexity
apache CWE-502
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 295 60 850 635 290 1835