Hackers Abuse ThinkPHP Vulnerability to Launch Attacks with 'Dama' Malicious Tool

TapTechNews, June 9: Security company Akamai recently released a report stating that hackers are abusing remote code execution vulnerabilities in the popular open-source web application framework ThinkPHP to launch attacks with a malicious tool named Dama.


TapTechNews learned that the hackers mainly exploited two vulnerabilities in old versions of ThinkPHP, CVE-2018-20062 and CVE-2019-9082, to add a file named public.txt to the victim's server. The file contains the WebShell tool named Dama, which lets the hackers control the server remotely through a graphical interface.

The security company said that this WebShell has many advanced functions and even comes with a file management feature, which lets the hackers freely tamper with files on the server and collect specific data. It also lets them scan network ports to further probe other servers in the victim's network.


Researchers said that they first detected the Dama malicious tool as early as last October, after which the related hacker activity went dormant. The attacks have recently reappeared and are said to have infected cloud service providers such as Zenlayer, at a much larger scale than before. Researchers remind users to update ThinkPHP to the latest version so that hackers cannot attack them using these already disclosed vulnerabilities.
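A defender-side check for the public.txt indicator described above, as an added example that is not from Akamai's report or this article: it walks a web root and flags text files that are named public.txt or that contain PHP open tags. The extension list, the 1 MiB read limit and the function name are assumptions of this example.

```python
import os
import re

# Indicator from the report: a dropped file named public.txt.
REPORTED_NAME = "public.txt"
# PHP open tags; "<?xml" is deliberately not matched.
PHP_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)
# Extensions that should never carry PHP code (assumption for this example).
TEXT_EXTS = {".txt", ".log", ".md"}
MAX_READ = 1024 * 1024  # scan at most 1 MiB per file (assumption)


def scan_webroot(root):
    """Return sorted (relative_path, [reasons]) for suspicious text files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TEXT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            reasons = []
            if name.lower() == REPORTED_NAME:
                reasons.append("name matches reported indicator")
            try:
                with open(path, "rb") as fh:
                    if PHP_TAG.search(fh.read(MAX_READ)):
                        reasons.append("contains PHP open tag")
            except OSError:
                reasons.append("unreadable")
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    # Usage: python scan.py /path/to/webroot
    for rel, reasons in scan_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}: {', '.join(reasons)}")
```

A file flagged only by name may be benign; one that also contains a PHP open tag warrants manual review.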
