Hackers are exploiting vulnerable Jira and Exim servers with the end goal of infecting them with a new Watchbog Linux Trojan variant and using the resulting botnet as part of a Monero cryptomining operation. The latest variant uses a malicious payload designed to exploit the 12-day old Jira template injection vulnerability tracked as CVE-2019-11581 that leads to remote code execution. The malware will also achieve persistence by adding itself to multiple crontab files to make sure that it can come back and reinfect the system.
Source: https://www.bleepingcomputer.com/news/security/hackers-exploit-jira-exim-linux-servers-to-keep-the-internet-safe/