Criminals exploiting a critical vulnerability in open source Apache ActiveMQ middleware are fixing the flaw that allowed them access, after establishing persistence on Linux servers.
Researchers at security house Red Canary observed attackers using a new form of Linux malware, dubbed DripDropper, against dozens of systems running Apache's Java-based message broker. The miscreants got in using CVE-2023-46604, a CVSS 9.8 critical flaw that Apache itself rates as a perfect 10. After installing a backdoor on the infected systems, they downloaded two Java Archive (JAR) files that effectively patched the original vuln.
"This kind of behavior is very uncommon, we see it very rarely," Brian Donohue, principal researcher at Red Canary, told The Register . "I think we've only seen it once be