Confluence Vulnerabilities Exploited to Deliver Miner and Rootkit

A Widget Connector vulnerability in the Atlassian Confluence Server is being actively exploited. Several attacks exploiting CVE-2019-3396 have been detected over a short period of time. The threat actor is distributing Kerberods malware, a combination of a Monero crypto-miner and a rootkit, to obfuscate its activity. The malware is designed to hunt and kill other cryptocurrency miners that may already be present on the compromised device in order to use more resources for itself. For more details and indicators of compromise (IoCs), please review TrendMicro’s blog. The NJCCIC recommends users patch systems immediately and continue monitoring to detect any threats.