Ongoing cyber attack targets exposed Selenium Grid services for crypto mining

By Admin | July 26, 2024

Cybersecurity researchers are sounding the alarm over an ongoing campaign that abuses internet-exposed Selenium Grid services for illicit cryptocurrency mining.

Cloud security firm Wiz is tracking the activity under the name SeleniumGreed. The campaign, which targets older versions of Selenium (3.141.59 and earlier), is believed to have been ongoing since at least April 2023.

“What most users don’t know is that the Selenium WebDriver API provides full interaction with the machine itself, including reading and downloading files and executing remote commands,” Wiz researchers Avigail Mechtinger, Gilly Tikaczynski, and Dor Laska said.

“By default, authentication is not enabled for this service. This means that many public instances are misconfigured and can be accessed by anyone and used for malicious purposes.”

Selenium Grid, part of the Selenium automated testing framework, enables parallel execution of tests across multiple workloads, different browsers, and different browser versions.

“Selenium Grid must be protected from external access with appropriate firewall permissions,” the project maintainers warn in the supporting documentation, which states that otherwise third parties can run arbitrary binaries and access internal web applications and files.

Exactly who is behind the attack is still unknown. However, it involves a threat actor who targets publicly exposed instances of Selenium Grid and uses the WebDriver API to run Python code responsible for downloading and running an XMRig miner.

The attack begins with the adversary sending a request to a vulnerable Selenium Grid instance to execute a Python program containing a Base64-encoded payload. The payload creates a reverse shell to an attacker-controlled server (“164.90.149(.)104”) in order to retrieve the final payload, a modified version of the open-source XMRig miner.

“Instead of hard-coding the pool’s IP address into the miner’s configuration, they dynamically generate it at runtime,” the researchers explained. “They also installed XMRig’s TLS fingerprint feature in the added code (and in the configuration), ensuring that the miner will only communicate with servers controlled by the threat actor.”

The IP address in question is said to belong to a legitimate service that was compromised by the threat actor, as it was also found to host a publicly exposed instance of Selenium Grid.

Wiz said that remote command execution is also possible on newer versions of Selenium and that it has identified more than 30,000 instances that are vulnerable to remote command execution, making it imperative that users take steps to fix the misconfiguration.

“Selenium Grid is not designed for Internet access, and its default configuration does not enable authentication, so any user with network access to the hub can interact with the nodes via the API,” the researchers said.

“This creates a significant security risk if the service is deployed on a machine with a public IP that has an inadequate firewall policy.”
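
As an added example (not from Wiz, the Selenium project, or the original article), the following Python check audits firewall ingress rules for the misconfiguration described above: a Grid port reachable from outside internal networks. The rule schema, the sample rules, and the function names are constructed for illustration, and port 4444 is assumed as the hub's default listening port.

```python
import ipaddress

# Assumption: 4444 is the Selenium Grid hub's default port; add any
# custom ports your deployment uses.
GRID_PORTS = {4444}

# Explicit internal ranges (RFC 1918, loopback, IPv6 ULA). An explicit list
# is used instead of is_private, which also treats documentation ranges
# such as 203.0.113.0/24 as private.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "fc00::/7", "::1/128")]

# Constructed sample ingress rules in a simplified, hypothetical schema:
# one source CIDR plus an inclusive TCP port range per rule.
SAMPLE_RULES = [
    {"id": "r1", "cidr": "10.20.0.0/16", "from_port": 4444, "to_port": 4444},
    {"id": "r2", "cidr": "0.0.0.0/0", "from_port": 443, "to_port": 443},
    {"id": "r3", "cidr": "0.0.0.0/0", "from_port": 4000, "to_port": 5000},
    {"id": "r4", "cidr": "::/0", "from_port": 4444, "to_port": 4444},
    {"id": "r5", "cidr": "203.0.113.0/24", "from_port": 4444, "to_port": 4444},
    {"id": "r6", "cidr": "192.168.1.0/24", "from_port": 1, "to_port": 65535},
]


def is_internal(cidr):
    """True only if the whole CIDR sits inside one of the INTERNAL ranges."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)


def exposed_grid_rules(rules, grid_ports=GRID_PORTS):
    """Return (rule id, source CIDR, matched ports) for every rule that lets
    a non-internal source reach a Grid port, including via a port range."""
    findings = []
    for rule in rules:
        hit = sorted(p for p in grid_ports
                     if rule["from_port"] <= p <= rule["to_port"])
        if hit and not is_internal(rule["cidr"]):
            findings.append((rule["id"], rule["cidr"], hit))
    return findings


if __name__ == "__main__":
    for rule_id, cidr, ports in exposed_grid_rules(SAMPLE_RULES):
        print(f"{rule_id}: {cidr} can reach Grid port(s) {ports}")
```

Rules r3 and r4 show the cases a port-equality check misses: a wide port range that happens to include the Grid port, and an IPv6 "any" source.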
