Attackers have generated $ 3,900 so far in an ongoing campaign that’s exploiting the popular rTorrent application to install currency-mining software on computers running Unix-like operating systems, researchers said Thursday.
The misconfiguration vulnerabilities are similar in some respects to ones Google Project Zero researcher Tavis Ormandy reported recently in the uTorrent and Transmission BitTorrent apps. Proof-of-concept attacks Ormandy developed exploited weaknesses in the programs’ JSON-RPC interface, which allows websites a user is visiting to initiate downloads and control other key functions. Ormandy’s exploits demonstrated how malicious sites could abuse the interface to run malicious code on vulnerable computers.
The in-the-wild attacks targeting rTorrent are exploiting XML-RPC, an rTorrent interface that uses HTTP and the more-powerful XML to receive input from remote computers. rTorrent doesn’t require any authentication for XML-RPC to work. Even worse, the interface can execute shell commands directly on the OS rTorrent runs on.
Read 5 remaining paragraphs | Comments
