Cyber SecurityNews

Tenable Warns That Kinsing Malware Is Exploiting Apache Tomcat Servers With New Advanced Stealth Techniques

Ari Eitan, Manager - Research, Tenable
Ari Eitan, Manager - Research, Tenable

Kinsing malware has previously been seen targeting Linux-based cloud infrastructures

 Today, Tenable disclosed that its Cloud Security Research Team has recently discovered that Kinsing malware, known for targeting Linux-based cloud infrastructures, is exploiting Apache Tomcat servers with new advanced stealth techniques.

“We’ve detected multiple Kinsing infected servers within a singular environment, including an Apache Tomcat server with critical vulnerabilities.”

– Ari Eitan, Manager – Research, Tenable

Kinsing is a notorious malware family active for several years, primarily targeting Linux-based cloud infrastructure. Known for leveraging various vulnerabilities to gain unauthorised access, the threat actors behind the Kinsing malware typically deploy backdoors and cryptocurrency miners (cryptominers) on compromised systems. After infection, Kinsing uses system resources for cryptomining, which leads to higher costs and slower server performance.

Today Tenable has disclosed that Kinsing also attacks Apache Tomcat servers, and uses new techniques to hide itself on the filesystem, including utilising innocent and non-suspicious file locations for persistence. 

“Cloud cryptomining has become an emerging trend in recent years, powered by the scalability and flexibility of cloud platforms,” said Ari Eitan, Manager – Research, Tenable. “Unlike traditional on-premises infrastructure, cloud infrastructure allows attackers to quickly deploy resources for cryptomining, making it easier to exploit. In this case, we’ve detected multiple Kinsing infected servers within a singular environment, including an Apache Tomcat server with critical vulnerabilities.”

Related posts

SoftTech Engineers Limited Announces AmpliNXT, A Hybrid Start-up Program

adminsmec

MATRIX 5MP Professional Series Bullet IP Camera

adminsmec

New Agreement with AWS to Strengthen Crayon’s Cloud and Automation Capabilities

adminsmec

Leave a Comment

x