Openfire messaging servers have a high-severity vulnerability that attackers are actively exploiting to install cryptominers and encrypt servers with ransomware. Openfire, a popular Java-based open-source chat (XMPP) server, has been downloaded 9 million times and is frequently used for private, cross-platform chat communications.
These accounts are used by the attackers to install malicious Java plugins (JAR files), which then carry out instructions received via GET and POST HTTP requests.
All Openfire versions from 3.10.0, which was released in 2015, up to 4.6.7 and from 4.7.0 to 4.7.4 are affected by this critical issue.
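
A version check against the affected ranges stated above, for triaging an inventory of Openfire servers. This is an added example, not part of the original article: the hostnames and version strings in the sample are constructed, and reporting an unparsable version as "unknown" rather than safe is a choice made here.

```python
import re

# Affected ranges exactly as stated in the text above (inclusive bounds).
AFFECTED_RANGES = [
    ((3, 10, 0), (4, 6, 7)),
    ((4, 7, 0), (4, 7, 4)),
]

def parse_version(text):
    """Return (major, minor, patch), or None if no version number is found."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None
    # A missing patch component is read as 0; suffixes such as -SNAPSHOT are ignored.
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def classify(text):
    """Return 'affected', 'not-affected' or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # never treat an unreadable version as safe
    # Tuples compare numerically, so 3.10.0 sorts after 3.9.3;
    # a plain string comparison would get that wrong.
    if any(low <= version <= high for low, high in AFFECTED_RANGES):
        return "affected"
    return "not-affected"

def triage(inventory):
    """Map each host in {host: version string} to its classification."""
    return {host: classify(version) for host, version in inventory.items()}

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "chat-01": "4.7.4",
    "chat-02": "4.7.5",
    "chat-03": "3.9.3",
    "chat-04": "4.6.7-SNAPSHOT",
    "chat-05": "3.10.0",
    "chat-06": "",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{SAMPLE_INVENTORY[host] or '(empty)'}\t{status}")
```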