Malicious Actors Exploit Confluence Vulnerability to Deliver Cryptocurrency Miner With Rootkit

Kerberods is responsible for dropping the cryptocurrency miner (khugepageds, detected as Coinminer.Linux.MALXMR.UWEJI) and its rootkit component. As mentioned earlier, this attack shares many characteristics with last year’s incident, such as the use of Pastebin as a C&C server, the miner payload, and the use of a rootkit to hide the malware. Unlike the older rootkit, which only hooks the readdir function to hide the mining process, this new version hooks more functions. Most of the hooked functions return a “No such file or directory” error if their parameter contains the file n ..
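The hiding behaviour described above (readdir omitting the entry, other file functions failing with ENOENT) leaves a gap a defender can measure. The following added example, which is not code from the original article or from Trend Micro, lists a directory through the raw getdents64 syscall and compares that view with what libc readdir() and stat() report; it assumes Linux and assumes the hooks live in userland (a preloaded shared library), so the syscall itself is untouched. Entries counted as hidden are those the raw listing shows but libc either omits or reports as missing.

```c
// Compare raw getdents64 results against libc readdir()/stat() to spot
// userland hiding of files. Assumption: the hooks sit in libc-level code
// (e.g. a preloaded library), so a direct syscall bypasses them.
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

// Kernel record layout returned by getdents64 (not glibc's struct dirent64).
struct raw_dirent64 {
    uint64_t d_ino; int64_t d_off; uint16_t d_reclen; uint8_t d_type; char d_name[];
};

// Returns 1 if libc's readdir() lists `name` inside `dir`, 0 otherwise.
static int libc_sees(const char *dir, const char *name) {
    DIR *d = opendir(dir);
    if (!d) return 0;
    struct dirent *e; int found = 0;
    while ((e = readdir(d)) != NULL)
        if (strcmp(e->d_name, name) == 0) { found = 1; break; }
    closedir(d);
    return found;
}

// Walks `dir` with the raw syscall; counts entries that libc omits from
// readdir() or for which stat() fails with ENOENT. Returns -1 if `dir`
// cannot be opened, otherwise the number of suspicious entries.
int count_hidden_entries(const char *dir) {
    int fd = open(dir, O_RDONLY | O_DIRECTORY);
    if (fd < 0) return -1;
    char buf[8192], path[PATH_MAX]; struct stat st; int hidden = 0;
    for (;;) {
        long n = syscall(SYS_getdents64, fd, buf, sizeof buf);
        if (n <= 0) break;                      // 0 = end of directory, <0 = error
        for (long off = 0; off < n;) {
            struct raw_dirent64 *ent = (struct raw_dirent64 *)(buf + off);
            off += ent->d_reclen;
            if (!strcmp(ent->d_name, ".") || !strcmp(ent->d_name, "..")) continue;
            snprintf(path, sizeof path, "%s/%s", dir, ent->d_name);
            // Either symptom from the article: missing from readdir(), or a
            // "No such file or directory" error from a hooked file API.
            if (!libc_sees(dir, ent->d_name) || (stat(path, &st) < 0 && errno == ENOENT)) {
                printf("hidden from libc: %s\n", path);
                hidden++;
            }
        }
    }
    close(fd);
    return hidden;
}

int main(int argc, char **argv) {
    const char *dir = argc > 1 ? argv[1] : "/tmp";
    int n = count_hidden_entries(dir);
    printf("%d suspicious entr%s in %s\n", n, n == 1 ? "y" : "ies", dir);
    return n > 0 ? 1 : 0;
}
```

Run it against directories the miner is known to use; on a clean host the count is 0, and any non-zero result names the entries worth examining with a raw-syscall tool rather than trusting ls or find.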