Wednesday, 09 July 2025

Cryptominers and DDoS botnets exploit OMIGOD vulnerability

Cryptominer and DDoS botnet operators are actively scanning the Internet for unsecured Azure Linux servers vulnerable to the recently disclosed OMIGOD issue.

OMIGOD is a set of vulnerabilities (CVE-2021-38645, CVE-2021-38647, CVE-2021-38648, CVE-2021-38649) affecting the Open Management Infrastructure (OMI) application installed by default by Microsoft on most Azure Linux virtual machines.

The OMIGOD issues were fixed in OMI version 1.6.8.1. However, the application has no automatic update mechanism, so most Azure Linux virtual machines need to be updated manually.

According to information security experts Kevin Beaumont and German Fernandez, threat actors either deploy cryptocurrency mining programs on compromised servers or enlist the hacked devices in a botnet.
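
A version check against the fixed release named above, as an added example that is not part of the original article. It assumes the package is registered as `omi` with dpkg or rpm and that the packaged release may be written with a dash (1.6.8-1); the host names and versions in the sample inventory are constructed.

```shell
#!/bin/sh
# Added example, not from the article. FIXED is the version the article names.
FIXED="1.6.8.1"

# Exit status: 0 = at or above FIXED, 1 = older, 2 = version string not understood.
omi_is_patched() {
    v=$(printf '%s' "$1" | tr '-' '.')      # 1.6.8-1 -> 1.6.8.1
    case "$v" in ''|*[!0-9.]*) return 2 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $v;     a1=${1:-0}; a2=${2:-0}; a3=${3:-0}; a4=${4:-0}
    set -- $FIXED; b1=$1; b2=$2; b3=$3; b4=$4
    IFS=$old_ifs
    # Numeric compare per field, so 1.6.10 sorts above 1.6.8.
    for pair in "$a1:$b1" "$a2:$b2" "$a3:$b3" "$a4:$b4"; do
        a=${pair%%:*}; b=${pair##*:}
        if [ "$a" -gt "$b" ]; then return 0; fi
        if [ "$a" -lt "$b" ]; then return 1; fi
    done
    return 0
}

# Print the installed version; package name "omi" is an assumption.
installed_omi_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}' omi 2>/dev/null && return 0
    fi
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}' omi 2>/dev/null && return 0
    fi
    return 1
}

report() {
    rc=0; omi_is_patched "$1" || rc=$?
    case $rc in
        0) echo "OK: $1 is at or above $FIXED" ;;
        1) echo "VULNERABLE: $1 is older than $FIXED, update manually" ;;
        *) echo "UNKNOWN: cannot parse '$1', check by hand" ;;
    esac
}

# Constructed sample inventory (host, version), then this host if OMI is installed.
printf '%s\n' "vm-a 1.6.4-0" "vm-b 1.6.8-1" "vm-c 1.6.10.2" |
while read -r host ver; do echo "$host $(report "$ver")"; done
if v=$(installed_omi_version) && [ -n "$v" ]; then echo "localhost $(report "$v")"; fi
```

A version string with a vendor suffix is reported as UNKNOWN rather than guessed at, so it gets a manual look.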

Source: securitylab.ru

20 September 2021
