Tags
Cryptominer
Incidents
C3Pool mining via Confluence vulnerabilityExposed Jupyter Notebooks Targeted for Cryptomining
References
https://www.imperva.com/blog/attackers-quick-to-weaponize-cve-2023-22527-for-malware-delivery/https://www.trendmicro.com/en_us/research/21/l/vulnerabilities-exploited-for-monero-mining-malware-delivered-via-gitHub-netlify.htmlhttps://www.cadosecurity.com/blog/from-dormant-to-dangerous-p2pinfect-evolves-to-deploy-new-ransomware-and-cryptominerhttps://www.imperva.com/blog/attackers-exploit-cve-2021-26084-for-xmrig-crypto-mining-on-affected-confluence-servers/
Last edited
Feb 19, 2025 2:12 PM
C3Pool is a Monero mining pool that has been misused by threat actors to illicitly mine cryptocurrency on compromised systems. Attackers exploit vulnerabilities in software such as Apache HTTP Server, Atlassian Confluence, and Redis to deploy mining malware, often utilizing scripts hosted on platforms like GitHub and Netlify. These scripts download and execute miners, such as XMRig, connecting to C3Pool to mine Monero without the system owner's consent.