Hackers attack HFS servers to drop malware and Monero miners

Hackers are exploiting CVE-2024-23692, a critical-severity vulnerability in older versions of Rejetto’s HTTP File Server (HFS), to drop malware and cryptocurrency mining software. The vulnerability, which affects HFS versions up to 2.3m, allows unauthenticated arbitrary command execution. Despite warnings from Rejetto, HFS 2.3m remains widely used. AhnLab researchers observed that attackers leverage this flaw to gather system information, install backdoors, and deploy various malware, including the XMRig tool for Monero mining, XenoRAT, Gh0stRAT, PlugX, and GoThief. These attacks have been ongoing since the vulnerability’s public disclosure, with notable involvement from the LemonDuck threat group.

Hackers attack HFS servers to drop malware and Monero miners

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address

Hackers attack HFS servers to drop malware and Monero miners

04-July-24

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address