On May 2nd, 2020, a vulnerability in the Salt management framework was exploited by attackers to install cryptocurrency mining software on the popular Ghost blogging platform, the company said in a notice on its website.
Similarly, LineageOS, a free and open-source operating system, also revealed via Twitter that it had recently been hit by a malware attack. The attack took place last week on May 2nd after an unpatched vulnerability was exploited to breach its Salt installation.
According to LineageOS developers, the breach took place after the attacker exploited the unpatched vulnerabilities CVE-2020-11651 and CVE-2020-11652 in its Salt installation. This type of attack is very dangerous as the victim is completely unaware of the malware stealthily consuming computational power.
The malicious attack is similar to the recently reported malware program that targeted Docker servers with Bitcoin (BTC) mining hardware in Feb. 2020.
The Attack on Ghost Exploited Computational Power To Mine Crypto
To be clear, the attack that infiltrated the blogging platform Ghost happened at LineageOS’s end. Luckily, the startup confirmed on its Twitter page that its signing keys, builds, and source code have not been compromised. However, LineageOS’s builds have currently been paused due to an “unrelated issue since April 30th.”
Ghost.org said that all traces of the malicious virus had been removed from the network and that things were getting back to normal. It wrote:
“All traces of the crypto-mining virus were successfully eliminated yesterday, all systems remain stable, and we have not discovered any further concerns or issues on our network.”
Developers are now working hard on remediation to clean and rebuild their entire network.
Cryptojacking Has Been Increasingly Rife In Recent Years
As we recently reported, crypto-mining malware, sometimes referred to as “crypto-jacking,” has been increasingly rife in recent years. The report indicated that cryptojacking attacks have surged by 450% over the last few years.
Just recently, in April, cybersecurity startup Guardicore Labs disclosed that more than 50,000 servers across the world had been infected with crypto-jacking software that mined Turtlecoin (TRTL).
The privacy-based altcoin XMR has been predominant in crypto-jacking attacks, with crypto researchers noting back in mid-2018 that about 5% of the altcoin in circulation had been created via stealth mining.