Blog | G5 Cyber Security

Attack Campaign Exploits CVE-2019-2725, Abuses Certificate Files to Deliver Monero Miner

Researchers observed an attack campaign exploiting CVE-2019-2725 and abusing certificate files to deliver a Monero miner. The attack uses a PowerShell script to download a certificate file from its command-and-control (C&C) server. This resource downloads and executes another PowerShell script from memory that, in turn, downloads and execute various files. Security teams can better avoid unwanted Monero miners by using threat feeds in tandem with a security information and event management tool to watch for malicious traffic that could be looking to exploit vulnerabilities.”]

Source: https://securityintelligence.com/news/attack-campaign-exploits-cve-2019-2725-abuses-certificate-files-to-deliver-monero-miner/

Exit mobile version