Cybersecurity researchers have identified a new campaign that exploits CVE-2021-41773 in Apache HTTP Server to deliver the Linuxsys cryptocurrency miner through compromised legitimate websites. The attack uses sophisticated methods to avoid detection and targets Linux and potentially Windows systems. It also leverages other vulnerabilities such as CVE-2024-36401 and CVE-2020-0688.
Key points
- The campaign exploits CVE-2021-41773, a high-severity path traversal vulnerability in Apache HTTP Server 2.4.49, to achieve remote code execution.
- Attackers use compromised legitimate websites with valid SSL certificates to stealthily distribute malware and avoid detection.
- The malware delivery involves shell scripts downloading the Linuxsys miner from multiple trusted sites, with persistence ensured through cron.sh scripts.
- Earlier, similar infections exploited vulnerabilities such as CVE-2024-36401 and CVE-2023-22527 to deliver coin miners and malware.
- Cybercriminals are also targeting high-profile organizations with specialized backdoors like GhostContainer, exploiting Exchange Server vulnerabilities for espionage.
Read More: https://thehackernews.com/2025/07/hackers-exploit-apache-http-server-flaw.html