HolesWarm malware exploits more than 20 vulnerabilities to breach Windows and Linux servers

Security researchers at Tencent are warning about a new cryptomining botnet, which they are referring to as the “King of Vulnerability Exploitation.” Dubbed HolesWarm, the botnet has been steadily growing since the beginning of June and has been observed using over 20 known vulnerabilities in order to compromise vulnerable Windows and Linux servers.

The Tencent security researchers observed HolesWarm using high-risk vulnerabilities in various common office server components, including Docker, Apache Tomcat, Jenkins, Shiro, Spring Boot, Struts2, UFIDA, WebLogic, XXL-JOB and Zhiyuan.

In addition to cryptomining functionality, the malware allows its operators to collect password information and take over the victim’s server. According to the researchers, once HolesWarm gets a foothold on the victim’s server it steals local passwords, spreads to other computers on the network, and then deploys an XMRig-based cryptocurrency mining tool.

The Tencent security team has also shared Indicators of Compromise related to this new threat.
