HolesWarm Malware Exploits Unpatched Windows, Linux Servers
Researchers at Tencent have warned of a crypto-mining botnet that has already compromised 1,000 or more clouds since June. The crypto miner, called HolesWarm, leverages more than 20 different known vulnerabilities in Linux and Windows servers to break into cloud hosts. The botnet has been so successful at breaching systems that researchers at Tencent refer to it as the “king of vulnerability exploitation.” Tencent warned that government and other organizations should mitigate known vulnerabilities as soon as possible and apply patches as they become available to avoid becoming victims of a HolesWarm attack.
The botnet has switched between more than 20 attack methods in a short period of time, and its constant evolution makes it more difficult to defend against. HolesWarm also gives attackers password information and control of the victim’s server, according to researchers. Tencent observed HolesWarm exploiting high-risk vulnerabilities in various office server components such as Apache Tomcat, WebLogic, Spring Boot, Jenkins, and Shiro.