Cybercriminals exploited a critical vulnerability in Apache ActiveMQ to gain unauthorized access and install persistent Linux malware. They used sophisticated techniques including a backdoor, Dropbox communication, and system modification to maintain control over compromised servers. #CVE-2023-46604 #DripDropper
Key points
- Attackers exploited the CVE-2023-46604 flaw in Apache ActiveMQ, a highly critical vulnerability.
- They installed the DripDropper malware to establish persistent control over Linux servers.
- The malware communicates with an attacker-controlled Dropbox account for command and control.
- Attackers modified system configuration files to maintain root access and hide their presence.
- Despite patches being available for months, many systems remain vulnerable due to delayed updates.
Read More: https://www.theregister.com/2025/08/19/apache_activemq_patch_malware/