Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner
Posted: Sun Jul 20, 2025 12:23 am
Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryptocurrency miner called Linuxsys.
The vulnerability in question is CVE-2021-41773 (CVSS score: 7.5), a high-severity path traversal vulnerability in Apache HTTP Server version 2.4.49 that could result in remote code execution.
"The attacker leverages compromised legitimate websites to distribute malware, enabling stealthy delivery and evasion of detection," VulnCheck's Jacob Baines said in a report shared with The Hacker News.
https://thehackernews.com/2025/07/hacke ... -flaw.html
The vulnerability in question is CVE-2021-41773 (CVSS score: 7.5), a high-severity path traversal vulnerability in Apache HTTP Server version 2.4.49 that could result in remote code execution.
"The attacker leverages compromised legitimate websites to distribute malware, enabling stealthy delivery and evasion of detection," VulnCheck's Jacob Baines said in a report shared with The Hacker News.
https://thehackernews.com/2025/07/hacke ... -flaw.html