VPN users beware — security flaws are being exploited to spread dangerous malware

Now, some hacking collectives seem to be using the flaws to first deliver KrustyLoader, a payload dropper built in Rust. Synacktiv researchers are saying that KrustyLoader’s goal is to download Sliver from a remote server and run it on the compromised endpoint. Sliver, on the other hand, is an open-source, cross-platform post-exploitation framework built in the Go language. Some use it as an alternative to Cobalt Strike, it was said.

More bugs to patch

It first emerged in mid-2022, when BleepingComputer reported of hackers “dumping the Cobalt Strike penetration testing suite in favor of similar frameworks that are less known.” These include not just Sliver, but also Brute Ratel, Viper, Meterpreter, and Havoc. Apparently, hackers started ditching Cobalt Strike due to stronger defenses being set up by their targets. Sliver was developed by a cybersecurity firm called BishopFox. 

The patch for the two flaws is not yet available, it was said, but Ivanti did release a temporary mitigation solution via an XML file. 

Besides Sliver, some hackers are apparently using these vulnerabilities to install XMRig on the vulnerable endpoints. XMRig is a cryptojacker that “hijacks” the device’s computing power and quietly mines the Monero cryptocurrency for the attackers. “Quietly” being a stretch, however, as miners take up so much computing power that it’s hard not to see the device performing poorly.

Via The Hacker News

More from TechRadar Pro

• GitLab users told to install emergency security fix immediately
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now