Threat actors are exploiting exposed Java Debug Wire Protocol (JDWP) interfaces to gain code execution abilities and install cryptocurrency miners on compromised systems.
“The perpetrator utilized an altered variant of XMRig with a hard-coded setup, enabling them to evade unusual command-line parameters that are frequently highlighted by defenders,” remarked Wiz researchers Yaara Shriki and Gili.