Cybercriminals are now exploiting known vulnerability CVE-2019-3396 in the software Confluence, a workspace productivity tool

Cybercriminals are now reportedly exploiting known vulnerability CVE-2019-3396 in the software Confluence, a workspace productivity tool made by Atlassian, according to a report by security intelligence firm Trend Micro Inc. on May 7.

The exploit that has been developed allows cybercriminals to stealthily install and run a monero (XMR) miner on a vulnerable computer, as well as covering up the mining activity by using a rootkit to hide the malware’s network activity and toll on the host’s central processing unit (CPU).

According to an Atlassian security advisory, the vulnerability in question only applies to some older versions of Confluence. The vulnerability can be avoided by downloading patched versions of Confluence Server and Data Center.

Also read: As well as supporting a wide range of mainstream crypto, Bcnex says it is constantly expanding its offering to other quality tokens

Source: https://cointelegraph.com/news/cybercriminals-sneak-in-crypto-mining-malware-via-confluence-software-exploit