Rejetto HTTP File Server versions 2.3m and older, which are affected by the critical-severity template injection flaw tracked as CVE-2024-23692, have been targeted in attacks distributing cryptomining software and other malicious payloads, reports BleepingComputer.
Intrusions against the widely used Rejetto HFS version 2.3m began with attackers using the exploit to run commands that obtain system and user information, identify connected devices, and end the HFS process. They then deployed the XMRig cryptomining tool for Monero mining and the XenoRAT trojan for remote access and control, according to a report from the AhnLab Security Intelligence Center, which linked one of the Monero attacks to the LemonDuck threat operation. Attackers also delivered the Gh0stRAT and PlugX backdoors for data exfiltration and persistent access, respectively, as well as the GoThief information-stealing malware. Organizations have been urged to use Rejetto HFS version 0.52.x to prevent compromise from malware attacks.