Microsoft Warns A Sinister Crypto Mining Botnet Is Actively Enslaving Windows And Linux

No one in computer security can catch a break lately, it seems, as yet another two major cybersecurity flaws have been found related to web servers.

Named Sysrv-K by security researchers on Microsoft's Security Intelligence Twitter, te vulnerabilities install botnets, which will run a crypto-coin miner on infected devices. However, the method of distribution is particularly nasty and can definitely be prolific.

What Sysrv-K will do is scan the internet for web servers or exposed web servers with security holes. Assuming it finds those holes it takes advantage of them to install itself and turn on that crypto miner, which uses massive amounts of system resources. Not particularly great for anyone on a pay-as-you-go cloud system.
Additional to this behavior, it will also look through WordPress configuration files and backups to find credentials. It even will look for SSH keys, IP addresses, hostnames and more. Once it receives this data it can potentially send a message out to someone via the Telegram app.

Additionally the Sysrv-K can attempt to connect itself to other servers and devices on the network and through its scans outside of the network. That effectively also makes this an outright virus by base definition (any software that duplicates itself). That means there's a possibility of network infection, and datacenter infection.

Some of what the exploits on the Wordpress side do is related to plugins that might use certain utilities if not kept up to date properly. On the other side of vulnerabilities this takes advantage of spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ as described in CVE-2022-22947.