Hackers attack HFS servers to drop malware and Monero miners

04-July-24

Hackers are exploiting CVE-2024-23692, a critical-severity vulnerability in older versions of Rejetto’s HTTP File Server (HFS), to drop malware and cryptocurrency mining software. The vulnerability, which affects HFS versions up to 2.3m, allows unauthenticated arbitrary command execution. Despite warnings from Rejetto, HFS 2.3m remains widely used. AhnLab researchers observed that attackers leverage this flaw to gather system information, install backdoors, and deploy various malware, including the XMRig tool for Monero mining, XenoRAT, Gh0stRAT, PlugX, and GoThief. These attacks have been ongoing since the vulnerability’s public disclosure, with notable involvement from the LemonDuck threat group.








