According to a recent report, hackers are exploiting a security flaw in XWiki, a web-based platform for content creation, to run programs on computers they don’t own.
The bug in XWiki’s template system has made it possible for bad actors to mine the Monero (XMR) cryptocurrency without permission.
Hackers send a request that downloads a small program (x640) onto the computer of an unfortunate victim. Later, another request runs this program, and the program in question downloads two more scripts (x521 and x522 install a Monero miner (tcrond) and make it run and stop any other mines on the infected machine.
The Monero tokens mined with the hacked computer are then sent via c3pool.org.
The Hacker News report, which cites data from the CISA, has also mentioned security flaws in DELMIA Apriso that allowed hackers to run code remotely in a similar fashion.
How to protect your computer?
Those who have potentially fallen victim to cryptojacking, the practice of illegally mining crypto with the help of someone else's machine, should block the IPs and monitor the network for connections to c3pool.org.
Of course, one should also remove the files associated with the miner if they are found on the existing computer.
Dan Burgin
Vladislav Sopov
U.Today Editorial Team