HolesWarm Malware Goes After Windows and Linux, Mines Monero
The HolesWarm Malware infiltrates Windows and Linux systems in order to harvest their hardware resources for cryptocurrency mining. Such attacks are often difficult to spot because cryptocurrency miners take extra measures to conceal their behavior. For example, some of them pause the mining task when the user opens Task Manager or another process-monitoring tool, so the high CPU usage goes unnoticed. The HolesWarm Malware in particular leverages over 20 vulnerabilities in outdated Linux and Windows components. So far, it has taken over at least 1,000 cloud-based systems.
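The pause-on-Task-Manager trick described above leaves its own tell: sustained high CPU that collapses within seconds of a monitoring tool starting and returns once it exits. The following added example (not code from the original article or from the HolesWarm sample) runs that heuristic over constructed telemetry; the process names, sample interval, and thresholds are assumptions.

```python
"""Heuristic detector for miners that pause while a process monitor is open.
Input is constructed telemetry, not real HolesWarm data: periodic total-CPU
samples plus process start/stop events from an endpoint agent."""
from dataclasses import dataclass
from statistics import mean

# Assumed names of common process-monitoring tools on Windows and Linux
MONITOR_PROCESSES = {"taskmgr.exe", "procexp.exe", "procexp64.exe",
                     "perfmon.exe", "top", "htop"}

@dataclass
class CpuSample:
    ts: float       # seconds since boot
    cpu_pct: float  # total CPU utilisation, 0-100

@dataclass
class ProcEvent:
    ts: float
    name: str
    action: str     # "start" or "stop"

def _mean_cpu(samples, lo, hi):
    vals = [s.cpu_pct for s in samples if lo <= s.ts < hi]
    return mean(vals) if vals else None

def find_monitor_evasion(samples, events, window=30.0, high=70.0, drop=50.0):
    """Flag each monitor start where CPU averaged >= `high` in the `window`
    seconds before it and fell by at least `drop` points afterwards."""
    hits = []
    for ev in events:
        if ev.action != "start" or ev.name.lower() not in MONITOR_PROCESSES:
            continue
        before = _mean_cpu(samples, ev.ts - window, ev.ts)
        after = _mean_cpu(samples, ev.ts, ev.ts + window)
        if before is None or after is None or before < high or before - after < drop:
            continue
        # Stronger signal: the load comes back as soon as the monitor exits,
        # which a legitimately finished job would not do.
        stop = next((e for e in events if e.action == "stop"
                     and e.name.lower() == ev.name.lower() and e.ts > ev.ts), None)
        post = _mean_cpu(samples, stop.ts, stop.ts + window) if stop else None
        hits.append({"monitor": ev.name, "ts": ev.ts, "before": round(before, 1),
                     "after": round(after, 1), "resumed": post is not None and post >= high})
    return hits

def constructed_telemetry():
    """Constructed sample: 5-second CPU samples, a miner at ~95% that pauses
    while taskmgr.exe is open (t=100..160) and resumes after it closes."""
    samples = [CpuSample(t, 4.0 if 100 <= t < 160 else 95.0) for t in range(0, 240, 5)]
    events = [ProcEvent(100, "taskmgr.exe", "start"), ProcEvent(160, "taskmgr.exe", "stop")]
    return samples, events
```

On a real fleet this is a triage signal, not proof: confirm with the process tree and outbound connections of whatever dropped its CPU share.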
HolesWarm Malware Exploits Web-connected Services
The components that the HolesWarm Malware is able to exploit include Jenkins, Shiro, Spring Boot, Apache Tomcat, Weblogic, and others. To stay safe from such attacks, network administrators should make sure that all Web-connected software has received the latest updates and patches. Once the miner is running, it uses the system's CPU to mine Monero, and all cryptocurrency the system generates is sent to the attackers' wallet.
However, analysts who examined the HolesWarm Malware report that it might pack more features under the hood. Although the cryptocurrency mining module appears to be the primary part of the attack, this implant has other capabilities. It might enable the remote operator to take control over the compromised system, execute commands, and even obtain login credentials.
While the HolesWarm Malware is not that widespread yet, its operators appear to be serious about their campaign. The implant and the attack receive regular updates to exploit different infection vectors. Stay safe by applying the latest security patches and running a reputable anti-malware suite.