Attackers deploy rootkits on misconfigured Apache Hadoop and Flink servers
Researchers have identified a new malware attack campaign targeting misconfigurations in Apache Hadoop and Flink, popular tools for processing big data. The attackers exploit these misconfigured systems to deploy rootkits and install a program for mining the Monero cryptocurrency. The campaign has been praised for the simplicity of its techniques and their effectiveness against traditional security measures. The misconfigurations include a lack of authentication in the Hadoop YARN and Flink components, which permits unauthenticated users to create and run applications.
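A defender can check for the missing-authentication condition described above by auditing the configuration files. The following is an added example, not code from the researchers or from either Apache project; the property names are standard Hadoop and Flink settings that the article itself does not name, the defaults are assumed to be the upstream ones, and the sample configs are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs for illustration (not taken from the article).
CORE_SITE_WEAK = """<configuration>
  <property><name>hadoop.security.authentication</name><value>simple</value></property>
</configuration>"""
CORE_SITE_HARDENED = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.http.authentication.type</name><value>kerberos</value></property>
</configuration>"""
FLINK_WEAK = "rest.bind-address: 0.0.0.0\n# web.submit.enable left at default\n"
FLINK_HARDENED = ("web.submit.enable: false\nsecurity.ssl.rest.enabled: true\n"
                  "security.ssl.rest.authentication-enabled: true\n")

def hadoop_props(xml_text):
    """Parse a Hadoop *-site.xml document into a {name: value} dict."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name", "").strip(): p.findtext("value", "").strip()
            for p in root.iter("property")}

def audit_hadoop(xml_text):
    p = hadoop_props(xml_text)
    findings = []
    # Unset keys fall back to the assumed upstream defaults: simple / simple / true.
    if p.get("hadoop.security.authentication", "simple").lower() != "kerberos":
        findings.append("RPC authentication is 'simple': caller identity is not verified")
    http = p.get("hadoop.http.authentication.type", "simple").lower()
    anon = p.get("hadoop.http.authentication.simple.anonymous.allowed", "true").lower()
    if http == "simple" and anon == "true":
        findings.append("HTTP/REST endpoints (including YARN) accept anonymous requests")
    return findings

def flink_props(text):
    """Parse the flat 'key: value' form of flink-conf.yaml, ignoring comments."""
    props = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            props[key.strip()] = value.strip()
    return props

def audit_flink(text):
    p = flink_props(text)
    findings = []
    if p.get("web.submit.enable", "true").lower() == "true":
        findings.append("job upload through the web UI is enabled")
    if p.get("security.ssl.rest.authentication-enabled", "false").lower() != "true":
        findings.append("REST endpoint does not require client certificates")
    return findings
```

An empty list from either function means none of these specific settings were found in their unauthenticated state; it does not cover network exposure or other hardening.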