Patch now! Gandcrab ransomware Trojan eats its way through Confluence vulnerability


Many versions of the Confluence wiki software are vulnerable, and attackers are currently exploiting the “critical” vulnerabilities (CVE-2019-3395, CVE-2019-3396). Security researchers at Alert Logic have now observed new attacks in which the attackers are said to exploit one of the vulnerabilities as an entry point for the Gandcrab encryption Trojan.

The vulnerability with the identifier CVE-2019-3396 is located in the Widget Connector. Attackers are said to be able to inject code remotely and without authentication via the _template parameter.

To evade detection while deploying Gandcrab, they are said to rely on several legitimate standard tools and Windows PowerShell. If all of this works, the malware installs itself, encrypts files and demands a ransom.

Patched versions are already available. In a security advisory, the developers state that they have closed the gaps in versions 6.6.12, 6.12.3, 6.13.3 and 6.14.2. All previous versions are at risk. There were already attacks on vulnerable Confluence installations last week.
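
To check an inventory against the fixed releases listed above, the following added example (not code from the article or from Atlassian) classifies each installed version. The host names and versions in the sample inventory are constructed, and treating releases newer than 6.14.2 as patched is an assumption.

```python
# Fixed releases named in the article; every earlier release is treated as vulnerable.
FIXED_RELEASES = [(6, 6, 12), (6, 12, 3), (6, 13, 3), (6, 14, 2)]


def parse_version(text):
    """Turn 'X.Y' or 'X.Y.Z' into a 3-tuple of ints; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) not in (2, 3) or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = [int(p) for p in parts]
    return tuple(numbers + [0] * (3 - len(numbers)))


def is_patched(text):
    """True if the version carries the fix for CVE-2019-3395 / CVE-2019-3396."""
    version = parse_version(text)
    # Assumption: releases newer than the latest fixed one also contain the fix.
    if version >= max(FIXED_RELEASES):
        return True
    # Inside a fixed branch (same major.minor), compare the patch level.
    for fixed in FIXED_RELEASES:
        if version[:2] == fixed[:2]:
            return version >= fixed
    # Any other branch (e.g. 6.9.x, 5.x) is not among the fixed releases.
    return False


def triage(inventory):
    """Map each host to 'patched', 'VULNERABLE' or 'unknown'."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = "patched" if is_patched(version) else "VULNERABLE"
        except ValueError:
            report[host] = "unknown"  # unparseable version: check by hand
    return report


# Constructed inventory (hypothetical hosts and versions, not from the article).
SAMPLE_INVENTORY = {
    "wiki-01.example.internal": "6.6.11",
    "wiki-02.example.internal": "6.13.3",
    "wiki-03.example.internal": "6.9.0",
    "wiki-04.example.internal": "6.14.2-rc1",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:28} {SAMPLE_INVENTORY[host]:12} {status}")
```
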