PacketCrypt Classic Cryptocurrency Miner on PHP Servers
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
A cryptocurrency mining campaign targeting vulnerable PHP servers has been identified. The attack exploits misconfigured or unpatched servers, allowing unauthorized access to php-cgi.exe. The malware, initially delivered as dr0p.exe, downloads a secondary payload pkt1.exe, which then spawns packetcrypt.exe to mine PacketCrypt Classic (PKTC) cryptocurrency. The mined coins are sent to a specific wallet address. The attack chain involves multiple stages and uses various techniques to ensure successful execution. Server administrators are advised to patch and audit their web servers to prevent such attacks and mitigate potential performance issues caused by unauthorized crypto mining activities.
OPENCTI LABELS:
cryptomining,cve-2024-4577,php,packetcrypt,stake-to-earn
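A detection example for the process chain in the summary, added here and not taken from the report: it flags the three executable names given above and, as an assumption, any child of php-cgi.exe that is not on an allowlist. The event fields, paths, host names and the allowlist are constructed for illustration.

```python
import ntpath

# Executable names taken from the summary above.
CHAIN_IMAGES = {"dr0p.exe", "pkt1.exe", "packetcrypt.exe"}
WEB_PARENT = "php-cgi.exe"
# Assumption: children a PHP CGI worker may legitimately start here (tune per server).
ALLOWED_CHILDREN = {"php-cgi.exe", "conhost.exe"}

# Constructed process-creation events (not from the report).
SAMPLE_EVENTS = [
    {"host": "web01", "parent": r"C:\php\php-cgi.exe", "image": r"C:\Windows\System32\conhost.exe"},
    {"host": "web01", "parent": r"C:\php\php-cgi.exe", "image": r"C:\Users\Public\dr0p.exe"},
    {"host": "web01", "parent": r"C:\Users\Public\dr0p.exe", "image": r"C:\Users\Public\pkt1.exe"},
    {"host": "web01", "parent": r"C:\Users\Public\pkt1.exe", "image": r"C:\Users\Public\PacketCrypt.exe"},
    {"host": "web02", "parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\notepad.exe"},
]

def base(path):
    """Lower-cased file name of a Windows path, regardless of the analysis host's OS."""
    return ntpath.basename(path).lower()

def classify(event):
    """Return the reasons (possibly none) why one event matches the described chain."""
    parent, image = base(event["parent"]), base(event["image"])
    reasons = []
    if image in CHAIN_IMAGES:
        reasons.append(f"known payload name: {image}")
    if parent == WEB_PARENT and image not in ALLOWED_CHILDREN:
        reasons.append(f"{WEB_PARENT} started unexpected child {image}")
    if parent == "pkt1.exe" and image == "packetcrypt.exe":
        reasons.append("pkt1.exe spawned packetcrypt.exe (miner stage)")
    return reasons

def hunt(events):
    """Group findings by host so one affected server reads as one incident."""
    findings = {}
    for ev in events:
        reasons = classify(ev)
        if reasons:
            findings.setdefault(ev["host"], []).append((base(ev["image"]), reasons))
    return findings

if __name__ == "__main__":
    for host, hits in hunt(SAMPLE_EVENTS).items():
        for image, reasons in hits:
            print(host, image, "; ".join(reasons))
```

File names are trivially changed, so the php-cgi.exe child rule is the one that keeps working if the payloads are renamed; the name matches are for triage against this specific report.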