H2miner

Malware updated 7 months ago (2024-05-04T20:57:51.112Z)

Download STIX

Preview STIX

H2miner, also known as Kinsing, is a malicious software (malware) that primarily targets Linux systems to exploit their computing resources for illicit cryptocurrency mining. This malware is typically introduced into systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once installed, it can disrupt operations, steal personal information, and even hold data hostage for ransom. On November 20, 2023, cybersecurity researchers at Trend Micro discovered an active exploitation of a critical vulnerability in Apache ActiveMQ, identified as CVE-2023-46604. This vulnerability was being leveraged by cybercriminals to download and infect Linux systems with the Kinsing malware and a cryptocurrency miner. This attack technique has been previously associated with other malware families such as H2Miner and HeadCrab, which are known for illicitly mining cryptocurrency on compromised hosts. The exploitation of the Apache ActiveMQ vulnerability represents a significant security risk, as it allows the attacker to gain unauthorized access to sensitive data and system resources. It's crucial for organizations to keep their systems updated and patched against known vulnerabilities, and to employ robust cybersecurity measures to detect and prevent such intrusions. The discovery of this exploitation underscores the persistent threat posed by malware like h2miner and the importance of proactive cybersecurity strategies.

Description last updated: 2024-01-06T05:42:07.967Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Kinsing is a possible alias for H2miner. Kinsing is a malicious software, or malware, that has been recently observed exploiting vulnerabilities in systems. It operates by infiltrating computers or devices, often undetected, through suspicious downloads, emails, or websites. Once inside, Kinsing can wreak havoc by stealing personal informa	2
CVE-2023-46604 is a possible alias for H2miner. CVE-2023-46604 is a critical vulnerability identified in Apache ActiveMQ, specifically affecting versions prior to 5.15.16, 5.16.7, 5.17.6, and 5.18.3. This flaw, which lies within the Java OpenWire protocol marshaller, allows for Remote Code Execution (RCE) and has been assigned a maximum severity	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Apache

Exploit

Apache Activ...

Vulnerability

Activemq

Linux

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the H2miner Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits
CERT-EU	a year ago	Kinsing Crypto Malware Targets Linux Systems via Apache ActiveMQ Flaw
Trend Micro	a year ago	CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits
CERT-EU	a year ago	New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods