Kinsing Malware Targets Apache Tomcat Servers: Tenable Warns of Advanced Stealth Tactics

Kinsing Malware Targets Apache Tomcat Servers: Tenable Warns of Advanced Stealth Tactics

Tenable has disclosed that its Cloud Security Research Team has recently discovered that Kinsing malware, known for targeting Linux-based cloud infrastructures, is exploiting Apache Tomcat servers with new advanced stealth techniques.

Kinsing is a notorious malware family active for several years, primarily targeting Linux-based cloud infrastructure. Known for leveraging various vulnerabilities to gain unauthorised access, the threat actors behind the Kinsing malware typically deploy backdoors and cryptocurrency miners (cryptominers) on compromised systems. After infection, Kinsing uses system resources for cryptomining, which leads to higher costs and slower server performance.

Today Tenable has disclosed that Kinsing also attacks Apache Tomcat servers, and uses new techniques to hide itself on the filesystem, including utilising innocent and non-suspicious file locations for persistence. 

โ€œCloud cryptomining has become an emerging trend in recent years, powered by the scalability and flexibility of cloud platforms,โ€ said Ari Eitan, Manager - Research, Tenable. โ€œUnlike traditional on-premises infrastructure, cloud infrastructure allows attackers to quickly deploy resources for cryptomining, making it easier to exploit. In this case, we've detected multiple Kinsing infected servers within a singular environment, including an Apache Tomcat server with critical vulnerabilities.โ€

๐’๐ญ๐š๐ฒ ๐ข๐ง๐Ÿ๐จ๐ซ๐ฆ๐ž๐ ๐ฐ๐ข๐ญ๐ก ๐จ๐ฎ๐ซ ๐ฅ๐š๐ญ๐ž๐ฌ๐ญ ๐ฎ๐ฉ๐๐š๐ญ๐ž๐ฌ ๐›๐ฒ ๐ฃ๐จ๐ข๐ง๐ข๐ง๐  ๐ญ๐ก๐ž WhatsApp Channel now! ๐Ÿ‘ˆ๐Ÿ“ฒ

๐‘ญ๐’๐’๐’๐’๐’˜ ๐‘ถ๐’–๐’“ ๐‘บ๐’๐’„๐’Š๐’‚๐’ ๐‘ด๐’†๐’…๐’Š๐’‚ ๐‘ท๐’‚๐’ˆ๐’†๐ฌ ๐Ÿ‘‰ FacebookLinkedInTwitterInstagram

Related Stories

No stories found.