OMIGOD vulnerability in OMI application has been under active exploitation.
Linux servers running on Microsoft’s Azure cloud remain under distributed denial-of-service or cryptojacking attacks by botnets exploiting the OMIGOD vulnerability in the Open Management Infrastructure (OMI) application. OMI, which is installed by default on most Azure Linux virtual machines, is a Linux equivalent to Windows Management Infrastructure. The Record describes the issue (CVE-2021-38647) as a remote code execution vulnerability. Researchers at Wiz, who have described the exploitation, also offer a review of the available remediations. At least one botnet exploiting OMI is a familiar one: BleepingComputer reports that Mirai is actively working against vulnerable instances.