The Latest Cryptojacking Malware on Microsoft Exchange Servers and How to Counter It

Deyan Georgiev
Deyan Georgiev

Updated · Feb 21, 2022


Techjury is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more.

Microsoft Exchange users? Come closer.

Attackers are now targeting Microsoft Exchange servers by using cryptocurrency mining malware to exploit vulnerabilities. Interestingly, an attack on March 9th, 2021, corresponded with the latest Microsoft cycle update release date.  

Why servers? Why not laptops or computers?

Well, servers such as Microsoft Exchange have a higher processing power. They allow the cryptojackers to comb the WorldWideWeb looking for machines to make use of. Afterward, they put them in a network to mine coins for them for free. 

Microsoft released a report in mid-March warning users that the hack - which originated from China - is becoming commonplace worldwide. The company disclosed to Brian Kreb, a security expert, that it became aware of the issue back in January 2021. 

Additionally, Volexity and Dubex reported the four zero-days security problems around the same time.  

They affect Exchange Server 2019, Exchange Server 2016, and Exchange Server 2013. They are as follows:

  • CVE-2021-26855 - Servers trust unauthenticated servers using Server Side Request Forgery (SSRF)
  • CVE-2021-26857 - Attackers combine stolen credentials with Exchange Unified Messaging Service (EUMS)
  • CVE-2021- 26858 - Vulnerability involves the execution of remote code
  • CVE -2021- 27065- Execution of remote code

The cryptojacking works by running Monero mining secretly. According to Andrew Brandt, a threat researcher, the currency is much easier to mine anonymously. In fact, statistics show that almost 5% of the coins in circulation are purely from cryptojacking. 

The attack that leverages the ProxyLogon exploit takes advantage of the Exchange Servers to unload the altcoin. With the latest episode, it’s hard to trace the wallet owners. Unless, of course, the criminal uses a tremendous amount of processing power.

Microsoft urges users to apply the latest updates. Also, companies with internet-facing servers should ensure their antivirus suites are up to date.


Deyan Georgiev

Deyan Georgiev

Deyan has been fascinated by technology his whole life. From the first Tetris game all the way to Falcon Heavy. Working for TechJury is like a dream come true, combining both his passions – writing and technology. In his free time (which is pretty scarce, thanks to his three kids), Deyan enjoys traveling and exploring new places. Always with a few chargers and a couple of gadgets in the backpack. He makes mean dizzying Island Paradise cocktails too.

Leave your comment

Your email address will not be published.