Malicious Actors Exploit Exposed JDWP Interfaces for Cryptomining

Malicious actors are exploiting exposed interfaces of the Java Debug Wire Protocol (JDWP) to gain code execution capabilities and deploy cryptocurrency miners on compromised hosts. Researchers from Wiz, Yaara Shriki and Gili, have discovered that the attacker is using a modified version of XMRig with an embedded configuration, which helps avoid suspicious command-line arguments that are often detected by defenders.