Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware


A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines.

“The attacker intends to utilize a victim’s resources as much as possible, not only to install RAR1Ransom for extortion, but also to spread GuardMiner to collect cryptocurrency,” Fortinet FortiGuard Labs researcher Cara Lin said in a Thursday report.


The issue, tracked as CVE-2022-22954 (CVSS score: 9.8), concerns a remote code execution vulnerability that stems from a case of server-side template injection.

Although the shortcoming was addressed by the virtualization services provider in April 2022, it has since come under active exploitation in the wild.

Fortinet said it observed in August 2022 attacks that sought to weaponize the flaw to deploy the Mirai botnet on Linux devices as well as RAR1Ransom and GuardMiner, a variant of the XMRig Monero miner.

The Mirai sample is retrieved from a remote server and is designed to launch denial-of-service (DoS) and brute-force attacks aimed at well-known IoT devices by making use of a list of default credentials.


The distribution of RAR1Ransom and GuardMiner, on the other hand, is achieved by means of a PowerShell or a shell script, depending on the operating system. RAR1Ransom is also notable for leveraging the legitimate WinRAR utility to initiate the encryption process.

The findings are yet another reminder that malware campaigns continue to actively exploit recently disclosed flaws to break into unpatched systems, making it essential that users prioritize applying critical security updates to mitigate such threats.
