According to Cybereason, these scripts have been used in an ongoing campaign exploiting a widespread vulnerability in the Exim MTA: CVE-2019-10149. This attack leverages a week-old vulnerability to gain remote command execution on the target machine, search the Internet for other machines to infect, and initiate a crypto miner.
2019-06-13 ⋅ Cybereason ⋅ New Pervasive Worm Exploiting Linux Exim Server Vulnerability
Unidentified Linux 001
There is no Yara-Signature yet.