Security News > 2024 > July > Hackers attack HFS servers to drop malware and Monero miners
Hackers are targeting older versions of the HTTP File Server from Rejetto to drop malware and cryptocurrency mining software.
The researchers say that during the attacks the hackers collect information about the system, install backdoors and various other types of malware.
In many cases, the attackers terminate the HFS process after they add a new user to the administrators' group, to prevent other threat actors from using it.
AhnLab researchers note that they keep detecting attacks on version 2.3m of HFS. Because the server needs to be exposed online for the file sharing to be possible, hackers will like continue looking for vulnerable versions to attack.
The company provides a set of indicators of compromise in the report, which include hashes for the malware installed on breached systems, IP addresses for attacker command and control servers, and the download URLs for the malware used in the attacks.
Microsoft fixes Windows zero-day exploited in QakBot malware attacks.
News URL
Related news
- Ivanti zero-day attacks infected devices with custom malware (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- Over 660,000 Rsync servers exposed to code execution attacks (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- Hacker infects 18,000 "script kiddies" with fake malware builder (source)
- MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks (source)