Blue Mockingbird malware targets thousands of enterprise systems.

Various systems are being targeted by new malware that exploits a hard-to-patch vulnerability.

The malware is a cryptocurrency miner that has been active since December 2019 and was developed by a group called Blue Mockingbird. Researchers say Blue Mockingbird attacks public-facing servers running ASP.NET apps that use the Telerik framework for their user interface component.

The attackers exploit the CVE-2019-18935 vulnerability to plant a web shell on the targeted server. They then attempt to gain admin rights on the system and modify the server settings. The malware is also capable of spreading within an organization's network.

The attackers generally exploit RDP (Remote Desktop Protocol) and SMB (Server Message Block) connections to spread the malware within a network. The Telerik UI vulnerability poses a great threat because many organizations are not aware of it.

The Telerik UI vulnerability has been one of the most exploited vulnerabilities of 2019-20 and has been reported on many times. Organizations that use this UI component must take the matter seriously and keep the component properly patched and always updated.

NPAV recommends that users make a habit of updating the software they use. Updating software frequently reduces the probability of falling victim to one of these attacks.

Use NPAV and join us on a mission to secure the cyber world.
