Home Latest Cyber Security News | Network Security Hacking Recently Patched PHP Flaw Under Attack By TellYouThePass Ransomware
Latest Cyber Security News | Network Security HackingNewsVulnerabilities

Recently Patched PHP Flaw Under Attack By TellYouThePass Ransomware

by Abeerah Hashim
written by Abeerah Hashim
TellYouThePass ransomware exploits PHP flaw

Researchers have detected active attacks from TellYouThePass ransomware that exploits the recently reported PHP flaw. The active exploits make it even more urgent for the users to patch their systems at the earliest.

TellYouThePass Ransomware Began Exploiting PHP Flaw In Recent Campaigns

According to a recent blog post from Imperva, threat actors behind the TellYouThePass ransomware have started attacking the recently disclosed and patched PHP vulnerability CVE-2024-4577.

This vulnerability recently came into the limelight after researchers discovered an authentication bypass in a previous patch for a 12-year-old code execution flaw. Following the bug report, the vulnerability received a fix with PHP versions 8.3.8, 8.2.20, and 8.1.29. However, the threat actors quickly exploited the flaw before users could patch it.

According to Imperva, their researchers detected active exploitation of the flaw soon after its disclosure, which they could link back to the TellYouThePass ransomware.

In this campaign, the attackers exploit the vulnerability using the mshta.exe binary to run a malicious HTML application. This malicious file includes a VBScript, which then decodes into a binary that loads into memory during runtime.

Analyzing this binary made the researchers find a .NET variant of the ransomware that exhibits the core functionalities. It communicates via HTTP with its C&C, encrypts the files on the infected machine, and places the ransom note that demands 0.1 BTC as ransom.

Since the beginning of this campaign, the ransomware has infected numerous systems and websites. While the patch has already been deployed, the extensive impact of this campaign on multiple systems and sites demonstrates how fast the attackers are to attack vulnerable targets.

To avoid ransomware attacks and other threats, users must rush to patch their systems for CVE-2024-4577. Moreover, users must ensure equipping their systems with robust antimalware programs, and deploying web application firewalls (WAFs) on their sites to prevent similar threats.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Latest Octo Malware Variant Mimics Popular Apps Like...

Google Launches Passkeys Sync With Google Password Manager

macOS Sequoia Interferes With VPNs And EDRs Following...

Tor Assured Safety Amidst Deanonymizing Claims From Authorities

GitLab Addressed Critical SAML Auth Flaw With The...

Transport for London Cyberattack: Employee Passwords Reset; Teen...

Hackers Can Bypass WhatsApp ‘View Once’ Due To...

Microsoft September Patch Tuesday Patched 4 Zero-Day Flaws

Seventh Sense Unveils Revolutionary Privacy-Preserving Face-Based Public Key...

Zyxel Patched Numerous Security Flaws Across Different Products

1 comment

Elena Thomas June 28, 2024 - 7:16 pm

Urgent security alert! The recently patched PHP flaw is under attack by TellYouThePass ransomware.

Comments are closed.