Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware
Oct 21, 2022
A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines. "The attacker intends to utilize a victim's resources as much as possible, not only to install RAR1Ransom for extortion, but also to spread GuardMiner to collect cryptocurrency," Fortinet FortiGuard Labs researcher Cara Lin said in a Thursday report. The issue, tracked as CVE-2022-22954 (CVSS score: 9.8), concerns a remote code execution vulnerability that stems from a case of server-side template injection. Although the shortcoming was addressed by the virtualization services provider in April 2022, it has since come under active exploitation in the wild. Fortinet said it observed in August 2022 attacks that sought to weaponize the flaw to deploy the Mirai botnet on Linux devices as well as the RAR1Ransom and GuardMiner , a variant of the XMRig Monero miner. The Mirai sample is re...
