SC Media reports that attacks exploiting the PHP vulnerability, tracked as CVE-2024-4577, have been launched by several threat actors shortly after the flaw's disclosure in late spring.
Aside from facilitating the distribution of the Gh0st RAT malware and RedTail cryptominer, attackers have also used the flaw to deploy the Muhstik malware with cryptomining and distributed denial-of-service attack capabilities, a report from Akamai showed.
Immediate remediation of the issue has been recommended by Bugcrowd Vice President of Operations and Hacker Success Michael Skelton and Menlo Security Chief Security Architect Lionel Litty to avert potential server-side remote command execution that could enable total web server compromise and additional systems exploitation.
"The level of access they allow can also enable the deployment of persistent access, allowing future compromises even after the initial flaw has been addressed. While Akamai and other provider mitigations are available for temporary protection, these solutions can often be bypassed," Skelton said.
