• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
php vulnerability exploited to spread malware and launch ddos attacks

PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks

You are here: Home / General Cyber Security News / PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks
July 11, 2024

Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service (DDoS) botnets.

The vulnerability in question is CVE-2024-4577 (CVSS score: 9.8), which allows an attacker to remotely execute malicious commands on Windows systems using Chinese and Japanese language locales. It was publicly disclosed in early June 2024.

“CVE-2024-4577 is a flaw that allows an attacker to escape the command line and pass arguments to be interpreted directly by PHP,” Akamai researchers Kyle Lefton, Allen West, and Sam Tinklenberg said in a Wednesday analysis. “The vulnerability itself lies in how Unicode characters are converted into ASCII.”

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Cybersecurity

The web infrastructure company said it began observing exploit attempts against its honeypot servers targeting the PHP flaw within 24 hours of it being public knowledge.

This included exploits designed to deliver a remote access trojan called Gh0st RAT, cryptocurrency miners like RedTail and XMRig, and a DDoS botnet named Muhstik.

“The attacker sent a request similar to the others seen previous RedTail operations, abusing the soft hyphen flaw with ‘%ADd,’ to execute a wget request for a shell script,” the researchers explained. “This script makes an additional network request to the same Russia-based IP address to retrieve an x86 version of the RedTail crypto-mining malware.”

Last month, Imperva also revealed that CVE-2024-4577 is being exploited by TellYouThePass ransomware actors to distribute a .NET variant of the file-encrypting malware.

Users and organizations relying on PHP are recommended to update their installations to the latest version to safeguard against active threats.

“The continuously shrinking time that defenders have to protect themselves after a new vulnerability disclosure is yet another critical security risk,” the researchers said. “This is especially true for this PHP vulnerability because of its high exploitability and quick adoption by threat actors.”

Cybersecurity

The disclosure comes as Cloudflare said it recorded a 20% year-over-year increase in DDoS attacks in the second quarter of 2024, and that it mitigated 8.5 million DDoS attacks during the first six months. In comparison, the company blocked 14 million DDoS attacks for the entirety of 2023.

“Overall, the number of DDoS attacks in Q2 decreased by 11% quarter-over-quarter, but increased 20% year-over-year,” researchers Omer Yoachimik and Jorge Pacheco said in the DDoS threat report for Q2 2024.

The most attacked country during the time period was China, followed by Turkey, Singapore, Hong Kong, Russia, Brazil, Thailand, Canada, Taiwan, and Kyrgyztan. Information technology and services, telecom, consumer goods, education, construction, and food emerged as the top sectors targeted by DDoS attacks.

“Argentina was ranked as the largest source of DDoS attacks in the second quarter of 2024,” the researchers said. “Indonesia followed closely in second place, followed by the Netherlands in third.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Previous Post: «gitlab patches critical flaw allowing unauthorized pipeline jobs GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs
Next Post: New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign new poco rat targets spanish speaking victims in phishing campaign»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
  • PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
  • Securing Data in the AI Era
  • Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
  • Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
  • CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
  • Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
  • Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord
  • Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods
  • What Security Leaders Need to Know About AI Governance for SaaS

Copyright © TheCyberSecurity.News, All Rights Reserved.