Researchers from F5 Networks Inc. convey found that hackers are targeting a flaw inwards the pop rTorrent application to install crypto-mining software on computers running Unix-like operating systems. They convey thus far generated over $3,900.
This effort exploits a previously undisclosed misconfiguration vulnerability in addition to deploys a Monero (XMR) crypto-miner operation.
The attacks exploit XML-RPC, an rTorrent interface that uses XML in addition to HTTP to access remote computers, in addition to for which rTorrent doesn’t demand whatever authentication. Shell commands tin terminate hold upward executed straight on the OS rTorrent runs on.
The hackers position the computers running RPC-enabled rTorrent apps on the network in addition to target them to install Monero, the digital money mining software.
The malware downloaded doesn’t simply run mining software but likewise scans for competition miners in addition to removes them.
The vulnerabilities beingness exploited are inwards or thus respects similar to those reported through the Google Zero projection inwards the BitTorrent customer uTorrent. The divergence lies inwards that the rTorrent flaw tin terminate hold upward exploited without whatever user interaction rather than exclusively past times sites visited past times the user.
The XML-RPC interface isn’t enabled past times default in addition to rTorrent recommends non using RPC over TCP sockets.
Below is an e-mail rTorrent developer Jari Sundell wrote regarding the flaw:
Currently, the hackers generate nearly $43 per hateful solar daytime using this exploit in addition to convey already generated $3,900 combined.
This effort exploits a previously undisclosed misconfiguration vulnerability in addition to deploys a Monero (XMR) crypto-miner operation.
The attacks exploit XML-RPC, an rTorrent interface that uses XML in addition to HTTP to access remote computers, in addition to for which rTorrent doesn’t demand whatever authentication. Shell commands tin terminate hold upward executed straight on the OS rTorrent runs on.
The hackers position the computers running RPC-enabled rTorrent apps on the network in addition to target them to install Monero, the digital money mining software.
The malware downloaded doesn’t simply run mining software but likewise scans for competition miners in addition to removes them.
The vulnerabilities beingness exploited are inwards or thus respects similar to those reported through the Google Zero projection inwards the BitTorrent customer uTorrent. The divergence lies inwards that the rTorrent flaw tin terminate hold upward exploited without whatever user interaction rather than exclusively past times sites visited past times the user.
The XML-RPC interface isn’t enabled past times default in addition to rTorrent recommends non using RPC over TCP sockets.
Below is an e-mail rTorrent developer Jari Sundell wrote regarding the flaw:
There is no piece equally the vulnerability is due to a lack of noesis nearly what is exposed when enabling RPC functionality, rather than a fixable flaw inwards the code. It was ever assumed, from my perspective, that the user would ensure they properly handled access restriction. No 'default behavior' for rpc is enabled past times rtorrent, in addition to using unix sockets for RPC is what I'm recommending. The failure inwards this illustration is maybe that I've created a slice of software that is rattling flexible, nevertheless non good plenty documented that regular users sympathise all the pitfalls.
Currently, the hackers generate nearly $43 per hateful solar daytime using this exploit in addition to convey already generated $3,900 combined.
