Attempted exploitation of the critical PHP-CGI vulnerability, tracked as CVE-2024-4577, has escalated since late last year, particularly in Taiwan, Hong Kong, Brazil, Japan, and India, reports The Hacker News.
While nearly a third of such attempts involved vulnerability checks and system reconnaissance commands, almost 5% of the attacks have been launched to facilitate XMRig cryptocurrency miner delivery, according to a Bitdefender analysis. Quasar RAT and other remote access tools, as well as malicious Windows installer files, have also been distributed through exploitation of the security issue. The flaw has additionally been abused to change firewall configurations so as to block access to other malicious IP addresses, which suggests competition between rival cryptojacking operations. "Since most campaigns have been using LOTL tools, organizations should consider limiting the use of tools such as PowerShell within the environment to only privileged users such as administrators," said Bitdefender Technical Solutions Director Martin Zugec.
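One way to operationalize the recommendation quoted above, as an added illustration that is not part of the article or of Bitdefender's report: a small checker that reads process-creation records and flags PowerShell launches by accounts that are not members of a privileged group. The log line format, the sample records, the `POWERSHELL_IMAGES` set and the `PRIVILEGED_GROUPS` allow-list are all assumptions constructed for this example; adapt the parser to whatever your EDR or Sysmon pipeline actually emits.

```python
"""Flag PowerShell launches by accounts outside a privileged-user allow-list.

Added example for the control suggested in the article (restricting PowerShell
to administrators). The log format, sample records, image names and group names
below are constructed for this illustration, not taken from the report.
"""
import re
from dataclasses import dataclass

# Executables treated as PowerShell hosts (assumption for this example).
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}

# Groups whose members are permitted to run PowerShell (assumption).
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins"}

# Constructed process-creation line format:
#   <timestamp> user=<DOMAIN\name> groups=<g1;g2> image=<path> cmd=<command line>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) groups=(?P<groups>\S*) "
    r"image=(?P<image>\S+) cmd=(?P<cmd>.*)$"
)


@dataclass(frozen=True)
class ProcessEvent:
    ts: str
    user: str
    groups: frozenset
    image: str
    cmd: str


def parse_line(line):
    """Parse one constructed log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    groups = frozenset(g for g in m.group("groups").split(";") if g)
    return ProcessEvent(m.group("ts"), m.group("user"), groups,
                        m.group("image"), m.group("cmd"))


def is_powershell(image):
    """True if the image's file name is one of the known PowerShell hosts."""
    basename = image.replace("/", "\\").rsplit("\\", 1)[-1]
    return basename.lower() in POWERSHELL_IMAGES


def is_privileged(event, privileged_groups=PRIVILEGED_GROUPS):
    """True if the account belongs to at least one allow-listed group."""
    return bool(event.groups & privileged_groups)


def find_unprivileged_powershell(lines, privileged_groups=PRIVILEGED_GROUPS):
    """Return the events where a non-privileged account started PowerShell."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unparsable line: skip rather than crash the sweep
        if is_powershell(ev.image) and not is_privileged(ev, privileged_groups):
            hits.append(ev)
    return hits


# Constructed sample records: one admin launch (allowed), one launch by a web
# service account (flagged), one non-PowerShell process (ignored), one junk line.
SAMPLE_LOG = [
    "2025-01-10T08:01:02Z user=CORP\\jdoe groups=Administrators;Users "
    "image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    "cmd=powershell.exe -NoProfile -Command Get-Service",
    "2025-01-10T08:05:44Z user=CORP\\svc-web groups=Users "
    "image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    "cmd=powershell.exe -NoProfile -Command Get-Process",
    "2025-01-10T08:06:10Z user=CORP\\svc-web groups=Users "
    "image=C:\\Windows\\System32\\cmd.exe cmd=cmd.exe /c dir",
    "this line is not a process-creation record",
]


if __name__ == "__main__":
    for ev in find_unprivileged_powershell(SAMPLE_LOG):
        print(f"ALERT {ev.ts}: {ev.user} ran {ev.image} -> {ev.cmd}")
```

On the constructed sample this reports exactly one alert, for the `CORP\svc-web` account; the admin's launch and the `cmd.exe` process are not flagged. Membership is taken from the record itself here, so in practice the group list must come from a trustworthy source (the event's token information or a directory lookup), not from anything the process supplies.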