
From Automation to Exploitation: The Growing Misuse of Selenium Grid for Cryptomining and Proxyjacking

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

Two campaigns targeting Selenium Grid, a widely used browser-automation and web-testing tool, have been identified. Both exploit misconfigured, internet-reachable instances that have no authentication enabled, and use them to deploy cryptominers and proxyjacking tools. The first campaign injects a base64-encoded Python script that downloads and executes a reverse shell, followed by scripts that install IPRoyal Pawns for proxyjacking and TraffMonetizer for traffic monetization. The second campaign injects a similar script that downloads and executes an ELF binary; this binary attempts privilege escalation, connects to Tor nodes for command and control, and drops the 'perfcc' cryptominer. Both campaigns show that an unauthenticated Selenium Grid is effectively remote code execution for anyone who can reach it, and that authentication and network restriction on Grid instances are required.
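The precondition both campaigns share is a Grid that answers requests without credentials. The following script is an added example, not part of the original entry and not code from the Selenium project: it queries a Grid's /status endpoint (which Selenium Grid 4 exposes) and reports whether the Grid is reachable, whether it demanded HTTP authentication, whether it reports itself ready to accept new sessions, and how many nodes it has. A Grid 4 router configured with --username/--password answers unauthenticated requests with 401, which the checker treats as "not exposed". The URL is assumed to be supplied on the command line; the two JSON responses embedded below are constructed for offline testing, not captured from a real Grid.

```python
"""Audit a Selenium Grid for unauthenticated exposure (added example).

Selenium Grid 4 exposes GET /status, returning {"value": {"ready": bool,
"message": ..., "nodes": [...]}}. A Grid whose router requires Basic auth
answers 401 to an anonymous request instead. This script turns that into a
simple exposed / not-exposed verdict for a list of Grid base URLs.
"""
import json
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass


@dataclass
class GridExposure:
    reachable: bool       # the endpoint answered at all
    requires_auth: bool   # answered 401/403 to an anonymous request
    ready: bool           # Grid reports it will accept new sessions
    node_count: int       # registered nodes (where the Grid told us)

    @property
    def exposed(self) -> bool:
        """True when anyone who can reach the port can start sessions."""
        return self.reachable and not self.requires_auth and self.ready


def assess_status(http_status: int, body: str) -> GridExposure:
    """Classify an HTTP response to GET /status (pure function, testable offline)."""
    if http_status in (401, 403):
        return GridExposure(reachable=True, requires_auth=True, ready=False, node_count=0)
    if http_status != 200:
        return GridExposure(reachable=False, requires_auth=False, ready=False, node_count=0)
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        # 200 but not Grid JSON: probably not a Selenium Grid at all
        return GridExposure(reachable=False, requires_auth=False, ready=False, node_count=0)
    value = doc.get("value", {}) if isinstance(doc, dict) else {}
    nodes = value.get("nodes", []) if isinstance(value, dict) else []
    return GridExposure(
        reachable=True,
        requires_auth=False,
        ready=bool(value.get("ready", False)),
        node_count=len(nodes) if isinstance(nodes, list) else 0,
    )


def check_grid(base_url: str, timeout: float = 5.0) -> GridExposure:
    """Fetch /status anonymously and classify the answer."""
    req = urllib.request.Request(base_url.rstrip("/") + "/status")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return assess_status(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return assess_status(err.code, "")
    except (urllib.error.URLError, OSError):
        return GridExposure(reachable=False, requires_auth=False, ready=False, node_count=0)


# Constructed sample responses (not captured from a real Grid).
SAMPLE_OPEN_GRID = json.dumps({
    "value": {
        "ready": True,
        "message": "Selenium Grid ready.",
        "nodes": [
            {"id": "node-1", "uri": "http://10.0.0.5:5555", "availability": "UP"},
            {"id": "node-2", "uri": "http://10.0.0.6:5555", "availability": "UP"},
        ],
    }
})
SAMPLE_NOT_READY = json.dumps({"value": {"ready": False, "message": "Hub is not ready", "nodes": []}})


def verdict(base_url: str) -> str:
    """Human-readable line for one Grid URL."""
    e = check_grid(base_url)
    if e.exposed:
        return f"EXPOSED  {base_url}: no auth, ready, {e.node_count} node(s) will run anything sent to them"
    if e.requires_auth:
        return f"ok       {base_url}: router demands credentials"
    if e.reachable:
        return f"warn     {base_url}: no auth but Grid reports not ready (fix before it comes up)"
    return f"n/a      {base_url}: not reachable or not a Selenium Grid"


if __name__ == "__main__":
    targets = sys.argv[1:] or ["http://localhost:4444"]  # 4444 is the Grid default port
    for url in targets:
        print(verdict(url))
```

Run it against your own Grid hubs (default port 4444) from a network position that represents an outsider; any "EXPOSED" line is a host that should either be taken off the network edge or have router credentials enabled. The check is read-only and sends no session-creation request.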

OPENCTI LABELS :

cryptomining,tor,vulnerability exploitation,perfcc,iproyal pawns,proxyjacking,gsocket,traffmonetizer,selenium grid

