Hackers Plant Crypto Miners by Exploiting Flaw in Popular Server Framework Salt
Hackers have exploited a critical flaw in infrastructure management tool Salt and, in one case, planted crypto mining software.

A hacking group has installed crypto mining malware into a company server through a weakness in Salt, a popular infrastructure tool used by the likes of IBM, LinkedIn and eBay.
Blogging platform Ghost said Sunday an attacker had successfully infiltrated its Salt-based server infrastructure and deployed a crypto-mining virus.
"Our investigation indicates that a critical vulnerability in our server management infrastructure ... was used in an attempt to mine cryptocurrency on our servers," reads an incident report. "The mining attempt spiked CPUs and quickly overloaded most of our systems, which alerted us to the issue immediately."
Ghost said Monday developers had removed the mining malware from its servers and added whole new firewall configurations.
Salt is an open-source framework, developed by SaltStack, that manages and automates key parts of company servers. Clients, including IBM Cloud, LinkedIn, and eBay, use Salt to configure servers, relay messages from the "master server" and issue commands on a specific time schedule.
SaltStack alerted clients a few weeks ago there was a "critical vulnerability" in the latest version of Salt that allowed a "remote user to access some methods without authentication" and gave "arbitrary directory access to authenticated users."
SaltStack also released a software update fixing the flaw on April 23.
Android mobile operating system LineageOS said hackers had also accessed its core infrastructure via the same flaw, but the breach was quickly detected. In a report Sunday the company admitted it hadn't updated the Salt software.
It remains unknown whether the same group is behind the LineageOS and Ghost attacks. Some attacks have planted crypto mining software, while others have instead planted backdoors into servers.
It isn't clear if hackers mined a particular cryptocurrency. Hacking groups have generally favored monero
CoinDesk has approached SaltStack for comment, but hadn't heard back by press time.