New worm targeting Apache, Oracle, Redis servers
New malware called Pro-Ocean is targeting vulnerable installations of Apache ActiveMQ, Oracle WebLogic and Redis to mine cryptocurrency. The malware can spread like a worm, attempting to exploit vulnerabilities on every machine it discovers.
Hackers attack cloud applications, leveraging known vulnerabilities to take control of unpatched Oracle WebLogic (CVE-2017-10271) and Apache ActiveMQ (CVE-2016-3088) servers, as well as insecure Redis installations.
According to Palo Alto Networks, Pro-Ocean is equipped with "new and improved rootkit and worm capabilities" that allow the malware to hide its activity and spread via unpatched software on the network.
Source: securitylab.ru
03 February 2021