H2miner

Malware updated 4 months ago (2024-05-04T20:57:51.112Z)
H2miner, also known as Kinsing, is malware that primarily targets Linux systems and uses their computing resources for illicit cryptocurrency mining. It is typically introduced into systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once installed, it can disrupt operations, steal personal information, and even hold data hostage for ransom.

On November 20, 2023, cybersecurity researchers at Trend Micro discovered active exploitation of a critical vulnerability in Apache ActiveMQ, identified as CVE-2023-46604. Cybercriminals were leveraging this vulnerability to download the Kinsing malware and a cryptocurrency miner onto Linux systems and infect them. This attack technique has previously been associated with other malware families such as H2Miner and HeadCrab, which are known for illicitly mining cryptocurrency on compromised hosts. Exploitation of the Apache ActiveMQ vulnerability represents a significant security risk because it allows the attacker to gain unauthorized access to sensitive data and system resources. Organizations should keep their systems updated and patched against known vulnerabilities and employ robust cybersecurity measures to detect and prevent such intrusions. The discovery underscores the persistent threat posed by malware like H2miner and the importance of proactive cybersecurity strategies.
Description last updated: 2024-01-06T05:42:07.967Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Kinsing | 2 | Kinsing is a malicious software, or malware, that has been recently observed exploiting vulnerabilities in systems. It operates by infiltrating computers or devices, often undetected, through suspicious downloads, emails, or websites. Once inside, Kinsing can wreak havoc by stealing personal informa
CVE-2023-46604 | 2 | CVE-2023-46604 is a critical vulnerability identified in Apache ActiveMQ, specifically affecting versions prior to 5.15.16, 5.16.7, 5.17.6, and 5.18.3. This flaw, which lies within the Java OpenWire protocol marshaller, allows for Remote Code Execution (RCE) and has been assigned a maximum severity
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Apache
Exploit
Apache Activ...
Vulnerability
Activemq
Linux
Source Document References
Information about the H2miner Malware was read from the documents corpus below.
Source | Created | Title
CERT-EU | 10 months ago | CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits
CERT-EU | 10 months ago | Kinsing Crypto Malware Targets Linux Systems via Apache ActiveMQ Flaw
Trend Micro | 10 months ago | CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits
CERT-EU | a year ago | New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods