Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify

Earlier this year, a path traversal and remote code execution (RCE) flaw in Apache HTTP Server 2.4.49, tracked as CVE-2021-41773, was disclosed to the Apache HTTP Server Project. If this vulnerability is exploited, it allows attackers to map URLs to files outside the directories configured by Alias-like directives. Under certain configurations where Common Gateway Interface (CGI) scripts are enabled for aliased paths, attackers can also use it for RCE. As the initial fix was deemed insufficient, a bypass for it was later reported and tracked as CVE-2021-42013.
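The flaw described above comes down to a request path that, once decoded and normalized, resolves outside the directory an alias maps it to. The following added example (not code from the Trend Micro post or from the Apache project) shows how a defender can scan access-log lines for that condition: it fully URL-decodes each request path, including double-encoded sequences of the kind the fix bypass relied on, resolves it against a hypothetical alias map and document root, and flags any request whose resolved file lies outside the expected base directory. The alias map, document root and log lines are constructed for this example.

```python
import posixpath
import re
from urllib.parse import unquote

# Hypothetical server layout, assumed for this example only.
ALIASES = {"/cgi-bin/": "/usr/lib/cgi-bin/"}
DOCROOT = "/var/www/html/"

# Combined-format access log line (client, timestamp, request line, status).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log lines: one normal CGI request, one single-encoded and
# one double-encoded traversal attempt, and one plain document request.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2021:12:00:01 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Oct/2021:12:00:02 +0000] "GET /cgi-bin/%2e%2e/%2e%2e/outside.txt HTTP/1.1" 200 2048',
    '203.0.113.9 - - [10/Oct/2021:12:00:03 +0000] "GET /cgi-bin/%252e%252e/%252e%252e/outside.txt HTTP/1.1" 200 2048',
    '198.51.100.7 - - [10/Oct/2021:12:00:04 +0000] "GET /index.html HTTP/1.1" 200 1024',
]


def fully_decode(path: str, max_rounds: int = 4) -> str:
    """URL-decode repeatedly until the string stops changing.

    A single decode pass misses double-encoded sequences such as %252e, so
    we iterate (bounded) until a fixed point is reached.
    """
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            return decoded
        path = decoded
    return path


def resolve(uri: str):
    """Map a request URI to a filesystem path and report whether it escapes.

    Returns (base_dir, resolved_path, escapes). The path is decoded first and
    normalized afterwards, so '..' segments hidden behind percent-encoding are
    accounted for before the containment check.
    """
    raw_path = uri.split("?", 1)[0]      # drop the query string
    decoded = fully_decode(raw_path)
    for prefix, target in ALIASES.items():
        if decoded.startswith(prefix):
            base, rest = target, decoded[len(prefix):]
            break
    else:
        base, rest = DOCROOT, decoded.lstrip("/")
    resolved = posixpath.normpath(posixpath.join(base, rest))
    # Containment check: the resolved path must stay under its base directory.
    escapes = not (resolved + "/").startswith(base)
    return base, resolved, escapes


def scan(lines):
    """Return (client_ip, request_uri, resolved_path) for each escaping request."""
    findings = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue                     # skip lines that are not in combined format
        _, resolved, escapes = resolve(match["uri"])
        if escapes:
            findings.append((match["ip"], match["uri"], resolved))
    return findings


if __name__ == "__main__":
    for ip, uri, resolved in scan(SAMPLE_LOG):
        print(f"traversal outside base dir: client={ip} uri={uri} resolves_to={resolved}")
```

Because the check works on the fully decoded, normalized path rather than on a fixed string pattern, it flags both the single-encoded and the double-encoded requests in the sample while leaving the two legitimate requests alone; the same containment test is the property a patched server enforces before serving a file.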

Official fixes have been rolled out by the Apache HTTP Server Project. However, when Trend Micro researchers examined the malicious samples abusing this vulnerability, they found additional exploits targeting different gaps in other products and packages, all in service of malicious Monero mining. In this blog, the researchers look into the abuse of GitHub and Netlify repositories and platforms for hosting cryptocurrency-mining tools and scripts. Trend Micro has already informed GitHub and Netlify of the malicious activity, and both have taken down the accounts.

Read more…
Source: Trend Micro