Kinsing Malware Attacking Apache Tomcat Server With Vulnerabilities
The Kinsing malware, a persistent threat targeting Linux-based cloud infrastructures, has been actively exploiting vulnerabilities to expand its illicit cryptocurrency mining operations. Recent campaigns have focused on compromising Apache ActiveMQ, Apache Tomcat, and other open-source applications, leveraging critical vulnerabilities such as CVE-2023-46604, as well as misconfigurations, to gain initial access and execute remote code. The malware employs sophisticated techniques to evade detection, such as hiding in system directories typically used for legitimate files and disabling security measures. Kinsing's primary objectives are deploying cryptominers like XMRig for Monero mining and establishing backdoors for persistent access, which leads to increased costs and reduced performance on compromised systems.