The botnet cryptominer has already compromised 1,000-plus clouds since June.
By leveraging more than 20 known vulnerabilities in Linux and Windows servers, the HolesWarm cryptominer malware has been able to break into more than 1,000 cloud hosts just since June.
The basic cryptominer botnet has been so successful at juggling so many different known vulnerabilities between attacks, researchers at Tencent who first identified HolesWarm refer to the malware as the “King of Vulnerability Exploitation.”
Tencent warned that both government and enterprise should mitigate known vulnerabilities as soon as possible to prevent from falling prey to the next HolesWarm attack.
“As the HolesWarm virus has changed more than 20 attack methods in a relatively short period of time, the number of lost cloud hosts is still on the rise,” Tencnt analysts said in its Tuesday report.
Besides its cryptomining function, HolesWarm gives attackers password information and even control of the victim’s server.
HolesWarm Exploits Known Vulns The Tencent team observed HolesWarm using high-risk vulnerabilities in various common office server components, including Apache Tomcat, Jenkins, Shiro, Spring boot, Structs2, UFIDA, Weblogic, XXL-JOB and Zhiyuan.