Criminals hack OpenMetadata flaw to mine crypto on Kubernetes
Cryptominers are back in fashion
Update: In a statement, OpenMetadata told us, “The OpenMetadata community takes the security and trust of the open-source project seriously. We also get the help of security researchers on publicly available code to find vulnerabilities and address them quickly. CVE-2024-XXXX is a security vulnerability that was previously disclosed on Dec 14 and subsequently patched on Jan 5. Please refer to this blog post for more details.”
Hackers have been observed abusing flaws in OpenMetadata workloads to install cryptocurrency miners on Kubernetes.
Cybersecurity researchers from the Microsoft Threat Intelligence team reported a new campaign, which started in early April 2024, in which unidentified threat actors scanned the web for internet-connected OpenMetadata workloads vulnerable to these five flaws: CVE-2024-28847, CVE-2024-28848, CVE-2024-28253, CVE-2024-28254, and CVE-2024-28255.
Once found, they would abuse these flaws with malware to gain a foothold on the systems. After a bit of analysis and reconnaissance, the attackers would install cryptocurrency miners on Kubernetes workloads.
Cryptomining season
OpenMetadata is an open source framework and standard for managing metadata in an open and interoperable manner across various tools, technologies, and platforms. Metadata is essentially data about data, providing context, description, and structure to the actual data.
Among various cryptocurrency miners, the standout one is called XMRig. It’s a lightweight program that “mines” (generates, essentially) the Monero currency, also known as XMR. Monero is described as a privacy-oriented coin, almost impossible to trace, making it particularly interesting for cybercriminals.
“Mining” cryptocurrency refers to conducting compute-heavy operations, which render the computer doing them useless for anything else, even if the device is extremely powerful. At the same time, the device will spend an enormous amount of electrical power mining the crypto, racking up huge electricity bills for the victims.
The attackers, on the other hand, will get disproportionately little cryptocurrency in return, making the damage done that much greater.
On the flip side, being infected with a cryptominer is relatively easy to spot, since the compromised computer slows down to a crawl. However, since the crypto bull run is currently in full swing, we can expect to see more of these crypto miners around.
“This attack serves as a valuable reminder of why it’s crucial to stay compliant and run fully patched workloads in containerized environments,” the researchers said.
Via The Hacker News
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.