On its Twitter account, Microsoft's cybersecurity division described the Sysrv botnet attacks.
This malware exploits vulnerabilities in the Spring and WordPress frameworks. Its goal is to install a cryptominer on various Windows and Linux servers.
The malware is called Sysrv-K. Hackers have added a function that scans for versions of WordPress and Spring that lack the necessary update or patch.
The vulnerability tracked as CVE-2022-22947 is currently being analyzed and has the highest severity rating, 10 out of 10. It allows malicious code to be injected and affects the Spring Cloud Gateway library. By exploiting it, cybercriminals can execute arbitrary code on compromised hosts.