Elasticsearch Crypto-Miner Sinkholes the Competition Researchers have discovered a new crypto-mining campaign targeting Elasticsearch instances which contains sinkholing capabilities to squash any competing miners. The aptly named “CryptoSink” malware campaign exploits an Elasticsearch vulnerability from 2014 (CVE-2014-3120) to mine cryptocurrency in Windows and Linux environments, according to F5’s Andrey Shalnev and Maxim Zavodchik.

Read full news article on Infosecurity