A campaign exploiting the CVE-2024-36401 vulnerability in GeoServer has been discovered, allowing attackers to monetize victims' internet bandwidth through the deployment of legitimate software development kits (SDKs) or modified apps. The stealthy approach enables criminals to profit without distributing traditional malware while targeting an expanding number of publicly accessible GeoServer instances. Palo Alto Networks offers protective measures against such threats.