Oracle servers targeted by new Linux malware to steal passwords, crypto

News
By published

Hackers are exploiting weak Oracle WebLogic servers to deploy malware

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

Criminals have been spotted abusing poorly-defended Oracle WebLogic servers to mine cryptocurrency, build a DDoS botnet, and more.

Cybersecurity researchers Aqua saw several attacks in the wild, and decided to run a honeypot. They then saw a threat actor break through the weak password that was set up, and proceed to install a piece of malware called Hadooken.

This malware, used in “a few dozen” attacks over the past couple of weeks, comes with two key functionalities - cryptocurrency mining, and a distributed denial of service (DDoS) botnet. Furthermore, the malware grants the attackers full control over the compromised endpoint.

Hadooken

Oracle WebLogic is a Java-based application server that enables the development, deployment, and management of enterprise-level applications.

A robust, scalable platform for distributed applications, many firms use it for web services, portals, and database connectivity. It is usually used to run large-scale, mission-critical applications in finance, telecommunications, and e-commerce. With all of its popularity, WebLogic is also a major target for cybercriminals since, as The Register reports, it “includes various vulnerabilities.”

So far, the researchers saw the hackers use Hadooken to mine crypto, while other functionalities are yet to be used. It was also said that Hadooken has traces of ransomware functionality. “It could be the threat actor will introduce this attack to a Linux ransomware as well, or it is already introduced if the malware runs on the system longer than a sandbox execution,” they said.

Tracing the IP addresses of the Hadooken malware, the researchers came to two IP addresses, one of which belongs to a UK hosting company, but is registered in Germany. “In the past this IP address was linked to TeamTNT and Gang 8220, but this weak link cannot attribute this attack to any of these threat actors,” the researchers said. The second IP address is registered in Russia, under the same hosting company. It is currently inactive.

Via The Register

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A person at a laptop with a cybersecure lock symbol floating above it.
Cybercrime gang targets victims with "triple threat" attacks
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
DeepSeek
Fake DeepSeek installers are infecting your device with dangerous malware
China
Chinese hackers develop effective new hacking technique to go after business networks
Dark Web monitoring
A worrying critical security flaw in Apache Tomcat could let hackers take over servers with ease
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
Zotac Gaming RTX 5090 Graphics Card
Nvidia Blackwell stock woes are compounded by price hikes as more RTX 5090 GPUs soar in pricing, and I’m sick and tired of it all at this point
A collage of Elizabeth Olsen's Scarlet Witch and Tatiana Maslany's She-Hulk
Marvel fans are already tired of Doomsday and Secret Wars cast gossip as two more superheroes get linked with roles in the next two Avengers movies
Four operators survey Verdansk. One holds a sniper rifle, one binoculars, another holds is landing with their parachute, while the last wears a skull mask
New Call of Duty: Warzone trailer shows a beautiful rebuilt Verdansk, but some fans want more: 'it won't be the same unfortunately'
An Apple Music pink/pixellated poster advertising DJ with Apple Music
DJ with Apple Music lands, allowing subscribers to build and mix DJ sets directly from its +100 million-song catalog
More about security
cybersecurity

Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak

A major Keenetic router data leak could put a million households at risk
Mobile phone with logo of video game distribution platform Steam operated by Valve on screen in front of web page

How to gift a game on Steam
See more latest
Most Popular
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Sony WF-C710N in blue glass on beige background
Sony WF-C710 earbuds land, and I think they'll be the 2025 budget buds to beat
The RIG M2 Streamstar attached to a boom arm.
The RIG M2 Streamstar is a new microphone with the world's first Bluetooth audio gateway in a wired gaming mic
Four operators survey Verdansk. One holds a sniper rifle, one binoculars, another holds is landing with their parachute, while the last wears a skull mask
New Call of Duty: Warzone trailer shows a beautiful rebuilt Verdansk, but some fans want more: 'it won't be the same unfortunately'
Data leak
A major Keenetic router data leak could put a million households at risk
A collage of Elizabeth Olsen's Scarlet Witch and Tatiana Maslany's She-Hulk
Marvel fans are already tired of Doomsday and Secret Wars cast gossip as two more superheroes get linked with roles in the next two Avengers movies
Quordle on a smartphone held in a hand
Quordle hints and answers for Wednesday, March 26 (game #1157)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Wednesday, March 26 (game #388)