New ScrubCrypt Crypter: A Stealthy Weapon in Cryptojacking Attacks on Oracle WebLogic


March 9, 2023

Recently, a new type of crypter has been identified in a series of cryptojacking attacks targeting Oracle WebLogic servers. The infamous bitcoin mining organization known as 8220 Gang has been seen employing a unique crypter named ScrubCrypt to conduct its cryptojacking activities. ScrubCrypt is highly effective at evading detection by security software, making it a formidable weapon for cybercriminals.

According to Fortinet FortiGuard Labs, the malware chain starts when vulnerable Oracle WebLogic systems are successfully exploited to install a PowerShell script that includes ScrubCrypt.

Cryptojacking is a form of cyberattack in which attackers use the computing power of a victim’s machine to mine cryptocurrency. In the recent attacks on Oracle WebLogic servers, the attackers used the ScrubCrypt crypter to inject malware into the servers and then mined cryptocurrency using the servers’ computing power.

Cryptojacking Attacks on Oracle WebLogic

According to security researchers, the ScrubCrypt crypter is unique in its ability to evade detection by security software. The crypter uses advanced obfuscation techniques to make the malware code challenging to detect and analyze. Additionally, the crypter can modify its code at runtime, making it even more difficult to detect and analyze.


The attacks on Oracle WebLogic servers are particularly concerning because large enterprises and organizations commonly use these servers. The attackers behind the recent attacks are believed to be using the compromised servers to mine cryptocurrency on a large scale, potentially netting significant profits.

In response to the attacks, security experts are urging organizations to take steps to secure their WebLogic servers. These steps include keeping server software current, implementing strong password policies, and using security software capable of detecting and blocking ScrubCrypt and other crypters.

While the ScrubCrypt crypter is a new and relatively unknown threat, experts warn that it is unlikely to be the last. As cybercriminals continue to develop new techniques and tools, organizations must remain vigilant and proactive in protecting themselves against cyberattacks.

Saher Mahmood


Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.
