An aggressive type of malware is threatening to undermine enterprise search engine Elasticsearch, turning it into a sophisticated zombie crypto-mining botnet. The malware, described by cybersecurity company Trend Micro, would result in a botnet that could be used in distributed denial of service (DDoS) attacks by launching sequential attacks on public-facing servers running outdated versions of the search engine software. According to the security researchers, the majority of these types of attacks have been run on a commercial basis, despite the attacks themselves being \u201crelatively straightforward\u201d to execute. \u201cMany of the malicious traffic or attacks that we see targeting Elasticsearch are relatively straightforward, and more often than not, profit-driven,\u201d the Trend Micro post noted. \u201cAn attacker looks for unsecure or misconfigured servers or exploit old vulnerabilities, then drop the final payloads that typically consist of cryptocurrency-mining malware or even ransomware.\u201d The malware works by firstly identifying out of date servers, which it can force to download and execute the offending scripts. According to Trend Micro, this sets the present malware apart from other similar malicious scripts. Worryingly, they suggest this also makes the hacks harder to detect. \u201cThe ways that the scripts are retrieved are notable...Using expendable domains, for instance, allows the attackers to swap URLs as soon as they are detected,\u201d researchers said. According to Trend Micro, these elements of the malware should be seen as a \u201cred flag\u201d that could suggest much more substantial attacks are on the way: That the cybercriminals (or threat actors) behind this attack used URL encoding, staged where the scripts are retrieved, and compromised legitimate websites could mean they are just testing their hacking tools or readying their infrastructure before mounting actual attacks. If this turns out to be the case, the results could be devastating for those servers affected. By forcing control of the servers, which are then used to mine cryptocurrency, the hackers have a strong commercial incentive to pull off this type of attack. Server administrators running Elasticsearch are being warned to patch software without delay, as well as tweaking their security settings to prevent this type of attack from taking hold. But for some, these warnings will undoubtedly be heard too late.