Severe PHP Vulnerability Exposed: Hackers Deploy Quasar RAT and XMRig Miners

Threat actors are taking advantage of a critical vulnerability in PHP to deploy remote access trojans (RATs) like Quasar RAT and cryptocurrency miners. This security flaw, identified as CVE-2024-4577, affects Windows-based systems running PHP in CGI mode and enables attackers to execute arbitrary code remotely.

According to cybersecurity company Bitdefender, there’s been a notable rise in exploitation attempts targeting this vulnerability, particularly in Taiwan, Hong Kong, Brazil, Japan, and India. They report that about 15% of these attempts involve initial vulnerability checks, while another 15% focus on reconnaissance efforts such as process enumeration and network discovery.

Bitdefender’s technical director, Martin Zugec, noted that around 5% of the observed attacks led to the deployment of the XMRig cryptocurrency miner, sometimes disguised to appear as legitimate processes like javawindows.exe to evade detection. Additionally, recent campaigns have utilized this weakness to install remote access tools, execute malicious Windows installer files remotely, and modify firewall settings to block access to known malicious IP addresses.

This behavior suggests that different cryptojacking groups may be competing for control over the compromised servers, which has been evidenced by incidents where rival miners terminate each other’s processes before launching their own.

This activity mirrors a campaign disclosed by Cisco Talos, which particularly targeted organizations in Japan. Users are strongly encouraged to update their PHP installations to the latest version and to restrict the use of tools like PowerShell to privileged users only to mitigate these threats.
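The post-exploitation behaviours described above (PowerShell use, process enumeration, network discovery, installer execution, firewall changes, and a miner named javawindows.exe) can be turned into a triage pass over process-creation logs. This is an added example, not code from Bitdefender or the original article; the `php-cgi.exe` handler name, the watched tool names, and the sample events are assumptions constructed for illustration.

```python
from ntpath import basename  # parses Windows paths on any platform

# Assumption: PHP in CGI mode runs as php-cgi.exe; adjust to the local handler name.
WEB_HANDLERS = {"php-cgi.exe"}
# Assumed Windows tools matching the behaviours the article lists.
WATCHED_CHILDREN = {
    "powershell.exe": "PowerShell launched",
    "cmd.exe": "command shell launched",
    "tasklist.exe": "process enumeration",
    "ipconfig.exe": "network discovery",
    "netstat.exe": "network discovery",
    "msiexec.exe": "Windows installer executed",
    "netsh.exe": "firewall/network settings changed",
}
# Process name the article reports XMRig being disguised as.
MASQUERADE_NAMES = {"javawindows.exe"}

# Constructed process-creation records (fields modelled on Sysmon Event ID 1).
EVENTS = [
    {"host": "web01", "parent": r"C:\php\php-cgi.exe", "image": r"C:\Windows\System32\tasklist.exe"},
    {"host": "web01", "parent": r"C:\php\php-cgi.exe", "image": r"C:\Windows\System32\msiexec.exe"},
    {"host": "web01", "parent": r"C:\Windows\System32\services.exe", "image": r"C:\ProgramData\javawindows.exe"},
    {"host": "web01", "parent": r"C:\php\php-cgi.exe", "image": r"C:\Windows\System32\netsh.exe"},
    # Benign: an administrator opening PowerShell interactively.
    {"host": "web02", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    # Benign: the web server starting its PHP handler.
    {"host": "web02", "parent": r"C:\Apache24\bin\httpd.exe", "image": r"C:\php\php-cgi.exe"},
]


def triage(events):
    """Return (host, rule, detail) findings for process-creation events."""
    findings = []
    for ev in events:
        image = basename(ev["image"]).lower()
        parent = basename(ev["parent"]).lower()
        if image in MASQUERADE_NAMES:
            findings.append((ev["host"], "miner-masquerade", image))
        # A CGI handler should serve requests, not spawn admin or recon tools.
        if parent in WEB_HANDLERS and image in WATCHED_CHILDREN:
            findings.append((ev["host"], "php-cgi-child", WATCHED_CHILDREN[image]))
    return findings


if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(*finding, sep="\t")
```

The parent-child rule is the higher-signal one: a renamed miner will evade the name match, but a PHP handler spawning installer or firewall tools is unusual regardless of file names.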

