Recently, a new type of crypter has been identified in a series of cryptojacking attacks targeting Oracle WebLogic servers. The infamous bitcoin-mining group known as 8220 Gang has been seen using a unique crypter named ScrubCrypt to carry out these cryptojacking operations. ScrubCrypt is highly effective at evading detection by security software, making it a formidable tool for cybercriminals.
Fortinet FortiGuard Labs reports that the infection chain begins when vulnerable Oracle WebLogic systems are successfully exploited to deploy a PowerShell script that carries ScrubCrypt.
Cryptojacking is a form of cyberattack in which attackers use the computing power of a victim’s machine to mine cryptocurrency. In the recent attacks on Oracle WebLogic servers, the attackers used the ScrubCrypt crypter to inject malware into the servers and then mined cryptocurrency with the servers’ computing power.
According to security researchers, the ScrubCrypt crypter stands out for its ability to evade detection by security software. It uses advanced obfuscation techniques that make the malware code difficult to detect and analyze, and it can also modify its code at runtime, which makes detection and analysis harder still.
The attacks on Oracle WebLogic servers are particularly concerning because these servers are widely used by large enterprises and organizations. The attackers are believed to be using the compromised servers to mine cryptocurrency at scale, potentially netting significant profits.
In response to the attacks, security experts urge organizations to secure their WebLogic servers: keep server software up to date, enforce strong password policies, and deploy security software capable of detecting and blocking ScrubCrypt and other crypters.
While ScrubCrypt is a new and relatively unknown threat, experts warn that it is unlikely to be the last. As cybercriminals continue to develop new techniques and tools, organizations must remain vigilant and proactive in protecting themselves against cyberattacks.