Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware

A threat actor exploited the CVE-2025-32432 flaw in Craft CMS to deploy malware, including a cryptominer and proxyware, for cryptojacking and proxyjacking activities. This ongoing campaign is linked to the Mimo intrusion set, which has a history of exploiting vulnerabilities for financial gain.

Key points

  • The threat actor exploited a recently patched vulnerability in Craft CMS to gain unauthorized access.
  • Attackers deployed web shells and used a shell script to download and execute malicious payloads.
  • The main payloads include the Mimo Loader, a cryptocurrency miner, and IPRoyal proxyware.
  • The campaign is linked to the Mimo intrusion set, active since March 2022, known for exploiting multiple vulnerabilities.
  • Investigation suggests the threat activity originates from a Turkish IP address, indicating location and intent.

Read More: https://thehackernews.com/2025/05/mimo-hackers-exploit-cve-2025-32432-in.html