"Kinsing Malware Exploits Apache ActiveMQ RCE for Rootkit Infiltration"
Originally Published 2 years ago — by BleepingComputer
The Kinsing malware is exploiting a critical vulnerability (CVE-2023-46604) in Apache ActiveMQ to compromise Linux systems. Despite a patch being released, thousands of servers remain exposed, allowing ransomware gangs like HelloKitty and TellYouThePass to take advantage. Kinsing targets Linux systems and deploys cryptocurrency miners on vulnerable servers. The malware uses the ProcessBuilder method to execute malicious bash scripts and download additional payloads, evading detection. It establishes persistence through a cronjob and adds a rootkit to ensure its code executes with every process on the system. Organizations are urged to upgrade Apache ActiveMQ to mitigate the threat.