Post

Critical PHP Flaw Exploited: Quasar RAT and XMRig Miners Deployed

Posted
By Tom Grant
1 min read
Critical PHP Flaw Exploited: Quasar RAT and XMRig Miners Deployed

TL;DR

Threat actors are leveraging a severe PHP vulnerability (CVE-2024-4577) to deploy Quasar RAT and XMRig cryptocurrency miners. This flaw affects Windows-based systems running PHP in CGI mode, allowing remote code execution.

Critical PHP Vulnerability Exploited for Malicious Activities

Threat actors have been actively exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs), specifically the Quasar RAT. This vulnerability, identified as CVE-2024-4577, involves an argument injection flaw affecting Windows-based systems running PHP in CGI mode. This critical issue enables remote attackers to execute arbitrary code on vulnerable systems1.

Understanding the Vulnerability

The vulnerability, CVE-2024-4577, is particularly dangerous due to its ability to allow remote code execution. This flaw specifically targets Windows-based systems operating PHP in CGI mode. By exploiting this vulnerability, attackers can inject malicious code, leading to unauthorized access and control over the affected systems.

Impact and Consequences

The exploitation of this vulnerability has led to the deployment of:

  • Quasar RAT: A powerful remote access trojan that gives attackers full control over infected systems.
  • XMRig Miners: Cryptocurrency mining software that uses the computing resources of compromised systems to mine cryptocurrencies, often without the knowledge of the system owners.

Mitigation Strategies

To protect against this vulnerability, it is crucial to:

  • Update PHP: Ensure that all systems are running the latest version of PHP, which includes patches for known vulnerabilities.
  • Disable CGI Mode: If possible, avoid running PHP in CGI mode, especially on Windows-based systems.
  • Implement Security Measures: Use firewalls, intrusion detection systems, and regular security audits to identify and mitigate potential threats.

Conclusion

The exploitation of the CVE-2024-4577 vulnerability highlights the importance of timely updates and robust security measures. Organizations and individuals must remain vigilant and proactive in protecting their systems against such threats. For more detailed information, refer to the full article: source.

References

  1. (2025,March 19). “Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners”. The Hacker News. Retrieved 2025-03-19. ↩︎

Cybersecurity & Data Protection, Vulnerabilities
cybersecurity threat intelligence php vulnerability
This post is licensed under CC BY 4.0 by the author.