{"id":55897,"date":"2024-04-18T21:56:04","date_gmt":"2024-04-18T21:56:04","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\/"},"modified":"2024-04-18T21:56:04","modified_gmt":"2024-04-18T21:56:04","slug":"crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\/","title":{"rendered":"Crooks exploit OpenMetadata holes to mine crypto \u2013 and leave a sob story for victims"},"content":{"rendered":"<p>Crooks are exploiting month-old OpenMetadata vulnerabilities in Kubernetes environments to mine cryptocurrency using victims&#8217; resources, according to Microsoft.<\/p>\n<p>OpenMetadata is a <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/github.com\/open-metadata\/OpenMetadata\">suite<\/a> of open-source software for organizing and working on non-trivial amounts of information, making it possible to search, secure, and export and import data, among other things.<\/p>\n<p>In March, the project&#8217;s maintainers disclosed and fixed five security vulnerabilities that affected versions prior to 1.3.1, which could be abused to bypass authentication and gain remote code execution (RCE) within OpenMetadata deployments.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZiVB-UtXvhqGleMpeZeRHgAAA8A&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZiVB-UtXvhqGleMpeZeRHgAAA8A&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Digital thieves have been exploiting the bugs in unpatched installations that are exposed to the internet since the beginning of April, according to a threat intelligence team at Microsoft, which itself is no stranger to <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/Tag\/Patch%20Tuesday\/\" rel=\"noopener\">horrific security bugs<\/a>.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZiVB-UtXvhqGleMpeZeRHgAAA8A&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZiVB-UtXvhqGleMpeZeRHgAAA8A&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZiVB-UtXvhqGleMpeZeRHgAAA8A&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZiVB-UtXvhqGleMpeZeRHgAAA8A&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Those OpenMetadata vulnerabilities are:<\/p>\n<ul>\n<li><a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-28255\">CVE-2024-28255<\/a>, a critical improper authentication flaw that received a 9.8-out-of-10 CVSS severity rating. It can allow an attacker to bypass the authentication mechanism and reach any arbitrary endpoint.<\/li>\n<li><a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-28847\">CVE-2024-28847<\/a>, an 8.8-rated high-severity code-injection bug that can lead to RCE.<\/li>\n<li><a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-28253\">CVE-2024-28253<\/a>, a code-injection flaw that can allow RCE. This one is rated critical, and has a 9.4 CVSS score.<\/li>\n<li><a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-28848\">CVE-2024-28848<\/a>, another 8.8-rated code-injection flaw that can allow RCE.<\/li>\n<li><a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-28254\">CVE-2024-28254<\/a>, an OS command injection flaw that received an 8.8 CVSS rating and can open users up to remote code execution.<\/li>\n<\/ul>\n<p>To gain access, the attackers scan for Kubernetes-based deployments of OpenMetadata that are exposed to the internet. After finding vulnerable systems, they exploit the unpatched CVEs to gain access to the container, and then run a series of commands to collect information on the network and hardware configuration, OS version, and active users, among other information about the victim&#8217;s environment.<\/p>\n<div class=\"boxout\" readability=\"45.854393842207\">\n<p><strong>Election disinfo off to a slow start<\/strong><\/p>\n<p>In other Microsoft news, Redmond says Russia and China are stepping up efforts to stick their oars into the upcoming US presidential election, again.<\/p>\n<p>Russian trolls &#8220;kicked into gear&#8221; in the past 45 days, with a &#8220;renewed focus on undermining US support for Ukraine,&#8221; according to the <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/aka.ms\/ElectionsReport-April2024\">second<\/a> Microsoft Threat Intelligence Election Report. This includes influence campaigns from at least 70 Russian-affiliated groups.<\/p>\n<p>&#8220;The most prolific of these actors are backed by or affiliated with the Russian Presidential Administration, highlighting the increasingly centralized nature of Russian influence campaigns, rather than relying principally on its intelligence services and the Internet Research Agency (known more commonly as the troll farm) as seen during the <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2023\/01\/10\/russian_election_meddling_us\/\" rel=\"noopener\">2016<\/a> US presidential election,&#8221; the report stated.&nbsp;<\/p>\n<p>It adds that these disinformation campaigns target both English and Spanish-speaking audiences in America and push anti-Ukraine narratives.<\/p>\n<p>China, meanwhile, &#8220;uses a multi-tiered strategy that aims to destabilize targeted countries by exploiting increasing polarization among the public and undermining faith in centuries-old democratic systems,&#8221; we&#8217;re told.&nbsp;<\/p>\n<p>Plus, Beijing is much better than Russia at using generative AI to <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/04\/02\/microsoft_election_ai_fakes\/\" rel=\"noopener\">create convincing<\/a> images and videos, Redmond says, noting that Storm-1376 (aka <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/01\/18\/google_tag_coldriver_malware\/\" rel=\"noopener\">Spamouflage<\/a>), remains one of the most prolific groups using AI to generate fake news. Our advice? Apply some common sense to things you see online, and stick to reputable, trusted sources of information.<\/p>\n<\/div>\n<p>&#8220;As part of the reconnaissance phase, the attackers read the environment variables of the workload,&#8221; Microsoft security boffins Hagai Ran Kestenberg and Yossi Weizman <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/04\/17\/attackers-exploiting-new-critical-openmetadata-vulnerabilities-on-kubernetes-clusters\/\">wrote<\/a>.<\/p>\n<p>In this case, &#8220;those variables may contain connection strings and credentials for various services used for OpenMetadata operation which could lead to lateral movement to additional resources.&#8221;<\/p>\n<p>The attackers then download crypto-mining malware from a remote server in China, and, in some cases, add a personal note to the victim:<\/p>\n<p>There&#8217;s no word from Redmond as to whether this sob story ever works, or ends with the victims happily transferring Monero crypto-coins (XMR) to the crooks.&nbsp;<\/p>\n<p>We do know, however, that after running the mining malware, the miscreants start a reverse shell connection using Netcat to maintain remote access to the container, and also install cronjobs for scheduling, which allows them to execute the malware at predetermined times.<\/p>\n<p>&#8220;Administrators who run OpenMetadata workload in their cluster need to make sure that the image is up to date,&#8221; the Redmond duo wrote. &#8220;If OpenMetadata should be exposed to the internet, make sure you use strong authentication and avoid using the default credentials.&#8221; \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2024\/04\/18\/cryptojackers_openmetadata_kubernetes\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8216;I want to buy a car. That&#8217;s all&#8217; Crooks are exploiting month-old OpenMetadata vulnerabilities in Kubernetes environments to mine cryptocurrency using victims&#8217; resources, according to Microsoft.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-55897","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Crooks exploit OpenMetadata holes to mine crypto \u2013 and leave a sob story for victims 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Crooks exploit OpenMetadata holes to mine crypto \u2013 and leave a sob story for victims 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-18T21:56:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZiVB-UtXvhqGleMpeZeRHgAAA8A&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Crooks exploit OpenMetadata holes to mine crypto \u2013 and leave a sob story for victims\",\"datePublished\":\"2024-04-18T21:56:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\\\/\"},\"wordCount\":709,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZiVB-UtXvhqGleMpeZeRHgAAA8A&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\\\/\",\"name\":\"Crooks exploit OpenMetadata holes to mine crypto \u2013 and leave a sob story for victims 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZiVB-UtXvhqGleMpeZeRHgAAA8A&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2024-04-18T21:56:04+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZiVB-UtXvhqGleMpeZeRHgAAA8A&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZiVB-UtXvhqGleMpeZeRHgAAA8A&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Crooks exploit OpenMetadata holes to mine crypto \u2013 and leave a sob story for victims\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Crooks exploit OpenMetadata holes to mine crypto \u2013 and leave a sob story for victims 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\/","og_locale":"en_US","og_type":"article","og_title":"Crooks exploit OpenMetadata holes to mine crypto \u2013 and leave a sob story for victims 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-04-18T21:56:04+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZiVB-UtXvhqGleMpeZeRHgAAA8A&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Crooks exploit OpenMetadata holes to mine crypto \u2013 and leave a sob story for victims","datePublished":"2024-04-18T21:56:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\/"},"wordCount":709,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZiVB-UtXvhqGleMpeZeRHgAAA8A&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\/","url":"https:\/\/www.threatshub.org\/blog\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\/","name":"Crooks exploit OpenMetadata holes to mine crypto \u2013 and leave a sob story for victims 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZiVB-UtXvhqGleMpeZeRHgAAA8A&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2024-04-18T21:56:04+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZiVB-UtXvhqGleMpeZeRHgAAA8A&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZiVB-UtXvhqGleMpeZeRHgAAA8A&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/crooks-exploit-openmetadata-holes-to-mine-crypto-and-leave-a-sob-story-for-victims\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Crooks exploit OpenMetadata holes to mine crypto \u2013 and leave a sob story for victims"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55897","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=55897"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55897\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=55897"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=55897"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=55897"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}