Best crypto insights delivered straight to your inbox.
Hackers took advantage of now-resolved vulnerabilities in salt software to install crypto-mining malware on the servers of popular websites, one of which includes Ghost. This was revealed by security researchers to ZDNet on May 3.
Crypto-mining malware on Ghost server
Based on Node.js, Ghost is an open-source blogging website that advertises itself as a more convenient alternative to the leading blogging platform, WordPress. However, hackers were able to compromise the company’s servers to mine cryptocurrencies.Â
Ghost reportedly uses Salt software to manage it’s servers. Thus, the attackers exploited the bugs in the Salt software to access the website[s]; afterward, they installed the crypto-mining malware, which resulted in overloads in the company’s CPU.
The hackers mainly focused on cryptocurrency mining, according to a Ghost representative. They did not steal the financial details or credentials of Ghost users, and rather they only installed crypto-mining malware to mine digital currencies from their server illicitly.
Crypto malware overloaded CPUs
Ghost devs were alerted about the unauthorized activity immediately after the company’s CPU spiked, which overloaded most of they’re systems. They had to take down they’re servers and bring it back online only after the vulnerabilities have been patched, per the report.
Before the incident occurred with Ghost, hackers already coded they’re way into the servers of a popular mobile OS known as LineageOS, through the same flaws reported with the Salt software. Another attack was launched on Digicert certificate authority under the same campaign.Â
Saltstack patches Salt flaws
The processes of the attack are likely to be done automatically, right from the vulnerability scanning and the installation of crypto-mining malware, according to a researcher. At that time, Fortune 500 companies, including banks and other platforms using Salt software, were at risk.
To be precise, about 6,000 Salt servers were exposed; however, Saltstack, the firm behind the software, had recently released patches to resolve the reported vulnerabilities. Users have been advised to either secure they’re system with a firewall or patch the Salt servers.
If you're reading this, you’re already ahead. Stay there with our newsletter.
Ibiam Wayas
Ibiam Wayas has covered the crypto news beat since 2019. He studied Computer Science at National Open University of Nigeria. His work has appeared on various crypto news platforms, including Coinfomania, Crypto News Australia, and AltcoinBuzz. Drawing on his background in Computer Science, he now focuses on crypto, robotics, and longevity news.
CRASH COURSE
- Which cryptocurrencies can make you money
- How to boost your security with a wallet (and which ones are actually worth using)
- Little-known investment strategies that the pros use
- How to get started investing in crypto (which exchanges to use, the best crypto to buy etc)