2014, Analysis and Mining - Information Management Today

Blue Mockingbird Monero-Mining campaign targets web apps

Security Affairs

MAY 10, 2020

Crooks exploit CVE-2019-18935 deserialization vulnerability to achieve remote code execution in Blue Mockingbird Monero-Mining campaign. “Blue Mockingbird is the name we’ve given to a cluster of similar activity we’ve observed involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems.”

Mining

Mining Libraries Access Encryption

Ngrok Mining Botnet

Security Affairs

SEPTEMBER 22, 2018

Additionally, the campaign is sophisticated in seeking to detect, analyse and neutralise other competing crypto-mining malware. I’ve been following the Monero mining pool address used in the Ngrok campaign and regularly checking for other research references on the internet. Whaler – attack types and analysis. Introduction.

Mining

Mining Honeypots Security Cloud

Pacha Group declares war to rival crypto mining hacking groups

Security Affairs

MAY 12, 2019

Two hacking groups associated with large-scale crypto mining campaigns, Pacha Group and Rocke Group , wage war to compromise as much as possible cloud-based infrastructure. org is in this blacklist and it is known that Rocke Group has used this domain for their crypto-mining operations. ” continues the report. Pierluigi Paganini.

Mining

Mining Cloud Security IT

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

New MrbMiner malware infected thousands of MSSQL DBs

Security Affairs

SEPTEMBER 16, 2020

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. Mining process.”

Mining

Mining Passwords Access Security

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Security Affairs

FEBRUARY 18, 2021

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. 27, 2019 and already mined at least 209 Monero (XMR), valued to be around $32,056 USD. CVE-2014-3120 (Elasticsearch before 1.2) The WatchDog botnet has been active at least since Jan. x before 1.4.3)

Mining

Mining Cloud Access Security

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Security Affairs

AUGUST 11, 2018

Group-IB is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations. Group-IB, an international company specializing in the prevention of cyberattacks, is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations.

Mining

Mining Marketing IoT Compliance

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Security Affairs

JULY 24, 2018

” The Trend Micro researchers’ analysis shows a fairly typical command & control (C&C) malware infection process with many similarities to the Satori variant of the Mirai botnet. Analysis of the code indicates that it could be used as a distributed denial of service (DDoS) platform if enough devices are compromised.

Mining

Mining IoT Blockchain Risk

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

According to a filing (PDF) by the New York State Department of Financial Services (DFS), the weakness that exposed the documents was first introduced during an application software update in May 2014 and went undetected for years.

Insurance

Insurance Financial Services Mining Access

Previously undetected VictoryGate Botnet already infected 35,000 devices

Security Affairs

APRIL 27, 2020

The VictoryGate bot propagates via infected USB devices, it was designed to mine Monero abusing resourced of compromised devices, it is also able to deliver additional payloads. ” continues the analysis. The analysis of the sinkholing activities revealed that there are, on average, 2,000 devices mining throughout the day.

Mining

Mining Communications IT Cybersecurity

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Security Affairs

APRIL 1, 2020

Cybersecurity researchers spotted a crypto-mining botnet, tracked as Vollgar, that has been hijacking MSSQL servers since at least 2018. Researchers at Guardicore Labs discovered a crypto-mining botnet , tracked as Vollgar botnet , that is targeting MSSQL databases since 2018. ” reads the analysis published by Guardicore.

Mining

Mining Passwords Education Cybersecurity

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Security Affairs

FEBRUARY 15, 2019

” reads the analysis published by Symantec. “As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers. Then the mining script is activated and starts abusing devices resources to mine Monero cryptocurrency.

Mining

Mining Libraries Analytics Security

New HEH botnet wipes devices potentially bricking them

Security Affairs

OCTOBER 7, 2020

The analysis of the HEH Bot revealed that it contains three functional modules: propagation module, local HTTP service module and P2P module. ” reads the analysis published by the researchers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the post. Pierluigi Paganini.

IoT

IoT Mining Communications IT

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Security Affairs

JUNE 1, 2019

” reads the analysis published by Trend Micro. “The script then calls a Monero coin-mining binary, darwin (detected as PUA.Linux.XMRMiner.AA), to run in the background. As with all cryptocurrency miners, it uses the resources of the host system to mine cryptocurrency (Monero in this instance) without the owner’s knowledge.”

Mining

Mining Honeypots Cloud Passwords

Crooks spread malware via pirated movies during COVID-19 outbreak

Security Affairs

APRIL 30, 2020

The campaign primarily targets users in Spain and South American countries, aims to launch a coin-mining shellcode directly in memory. The in-memory DLL then injects a coin-mining code into notepad.exe through process hollowing. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Mining

Mining File names Risk Cybersecurity

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

NOVEMBER 26, 2019

The malicious code abuse of the resources of the infected machine to mine cryptocurrency , according to the experts it has already infected 80,000 computers worldwide. ”reads the analysis published by Microsoft. For example, the MSI package used in the campaign contains different files” continues the analysis.

File names

File names Encryption Mining Security

ZombieBoy, a new Monero miner that allows to earn $1,000 on a monthly basis

Security Affairs

AUGUST 5, 2018

A security researcher discovered a new crypto mining worm dubbed ZombieBoy that leverages several exploits to evade detection. The security researcher James Quinn has spotted a new strain of crypto mining worm dubbed ZombieBoy that appears to be very profitable and leverages several exploits to evade detection. Pierluigi Paganini.

Mining

Mining Ransomware Security IT

New NRSMiner cryptominer NSA-Linked EternalBlue Exploit

Security Affairs

JANUARY 4, 2019

” reads the analysis published by F-Secure. ” continues the analysis. The service creates multiple threads to carry out several malicious activities, such as data exfiltration and mining. Further information, including IoCs are reported in the analysis published by F.Secure. then it deletes itself.

Mining

Mining File names Access IT

CookieMiner Mac Malware steals browser cookies and sensitive Data

Security Affairs

JANUARY 31, 2019

” reads the analysis published by PaloAlto Networks. CookieMiner configures the compromised systems to load coinmining software that appears like an XMRIG-type miner, but that mines Koto, a lesser popular cryptocurrency associated with Japan. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Mining

Mining Authentication Blockchain Passwords

WatchBog cryptomining botnet now uses Pastebin for C2

Security Affairs

SEPTEMBER 13, 2019

A new cryptocurrency-mining botnet tracked as WatchBog is heavily using the Pastebin service for command and control (C&C) operations. Cisco Talos researchers discovered a new cryptocurrency -mining botnet tracked as WatchBog is heavily using the Pastebin service for command and control. ” continues Talos. Pierluigi Paganini.

Mining

Mining IT Security Information Security

New strain of Clipsa malware launches brute-force attacks on WordPress sites

Security Affairs

AUGUST 8, 2019

Avast spotted a new strain of Clipsa malware that is used to mine and steal cryptocurrencies along with carrying out brute-force attacks on WordPress sites. Clipsa is a malware that is well known to cyber security community is able to steal cryptocurrency via clipoard hijacking and mine cryptocurrency after installing a miner. .

Mining

Mining Passwords IT Security

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Security Affairs

FEBRUARY 22, 2021

” reads the analysis published by the researchers. ” continues the analysis. BitRAT implements multiple features, including mining cryptocurrencies and RAT features. months, just by selling the APOMacroSploit product.” ” The researchers noticed that the attackers made a mistake, The cutt[.]ly

Cleanup

Cleanup Phishing Mining Security

Modular Cryptojacking malware uses worm abilities to spread

Security Affairs

MARCH 13, 2019

. “Recently, 360 Total Security team intercepted a new worm PsMiner written in Go, which uses CVE-2018-1273, CVE-2017-10271, CVE-2015-1427, CVE-2014-3120 and other high-risk vulnerabilities ? ” reads the analysis published by the experts. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Mining

Mining Passwords Risk Security

Android Botnet leverages ADB ports and SSH to spread

Security Affairs

JUNE 22, 2019

Trend Micro recently discovered an Android crypto-currency mining botnet that can spread via open ADB (Android Debug Bridge) ports and Secure Shell (SSH). Security researchers at Trend Micro have discovered an new Android crypto-currency mining botnet that spreads via open ADB ( Android Debug Bridge ) ports and Secure Shell (SSH).

Mining

Mining Honeypots Authentication Communications

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs

OCTOBER 28, 2018

Earlier this year Sysdig and Aqua Security researchers started observing cyber attacks targeting Kubernets and Docker instances aimed at mining Monero cryptocurrency. Miscreants can abuse Docker Engine API to deploy containers they have created with the specific intent of mining cryptocurrencies. Pierluigi Paganini.

Mining

Mining Systems administration Encryption Authentication

Graboid the first-ever Cryptojacking worm that targets Docker Hub

Security Affairs

OCTOBER 17, 2019

” reads the analysis published by the experts. Graboid is the first-ever Cryptojacking worm found in images on Docker Hub, the analysis conducted by the experts shows that, on average, each miner is active 63% of the time, with the mining periods being of 250 seconds. ” continues the analysis.

Mining

Mining Ransomware Security IT

TeamTNT group adds new detection evasion tool to its Linux miner

Security Affairs

JANUARY 28, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. “The group is using a new detection evasion tool, copied from open source repositories,” reads the analysis published by AT&T Alien Labs. .

IT

IT Libraries Mining Security

Microsoft discovers cryptomining campaign targeting Kubeflow tool for Kubernetes clusters

Security Affairs

JUNE 11, 2020

” Hackers are targeting Kubernetes clusters because nodes used from ML operations have huge computational capabilies making them ideal for fraudulent mining purposes. This fact makes Kubernetes clusters that are used for ML tasks a perfect target for crypto mining campaigns, which was the aim of this attack.”

Mining

Mining Access Security IT

Beapy Cryptojacking campaign leverages EternalBlue exploit to spread

Security Affairs

APRIL 26, 2019

” reads the analysis published Symantec. ” continues the analysis. ” Experts observed a spike in the activity of Beapy in March: Since Coinhive cryptocurrency mining service shut down in March, experts observed a drop in cryptojacking attacks. “ Beapy ( W32.Beapy Pierluigi Paganini.

Mining

Mining Archiving Phishing Passwords

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

” reads the analysis published by the security firm Anomaly. “It is expected that the group will continue to exploit more vulnerabilities to mine additional cryptocurrencies in the near future.” ” Technical details, including Indicators of Compromise, are reported in the analysis published by Anomali.

Mining

Mining Cloud Security Access

Cryptocurrency miners infected more than 50% of the European airport workstations

Security Affairs

OCTOBER 17, 2019

Researchers at Cyberbit spotted a crypto mining campaign that infected more than 50% of the European airport workstations. . Security experts at Cyberbit have uncovered a crypto mining campaign that infected more than 50% of the European airport workstations. . ” reads the analysis published by Cyberbit. .

Mining

Mining Security IT Information Security

Crooks exploit exposed Docker APIs to build AESDDoS botnet

Security Affairs

JUNE 15, 2019

” reads the analysis published by Trend Micro. ” The AESDDoS malware is active since at least since 2014 and it was used to build large DDoS botnet. launching DDoS attacker, mining cryptocurrency, etc.). ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

File names

File names Mining Access Communications

New variant of Linux Botnet WatchBog adds BlueKeep scanner

Security Affairs

JULY 25, 2019

Experts at Intezer researchers have spotted a strain of the Linux mining that also scans the Internet for Windows RDP servers vulnerable to the Bluekeep. ” continues the analysis. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads a blog post published by Intezer. gooobb ” file.

Mining

Mining Encryption IT Security

French Police remotely disinfected 850,000 PCs from RETADUP bot

Security Affairs

AUGUST 28, 2019

Since it was the C&C server’s responsibility to give mining jobs to the bots, none of the bots received any new mining jobs to execute after this takedown.” “This meant that they could no longer drain the computing power of their victims and that the malware authors no longer received any monetary gain from mining.”

Mining

Mining Ransomware IT Security

Smominru Botnet continues to rapidly spread worldwide

Security Affairs

SEPTEMBER 19, 2019

In February 2018, researchers from Proofpoint discovered a huge botnet dubbed ‘Smominru’ that was using the EternalBlue exploit to infect Windows computers and recruit them in Monero cryptocurrency mining activities. Further data, including Indicators of Compromise, are reported in the analysis published by the experts.

Mining

Mining Access IT Security

Modular Plurox backdoor can spread over local network

Security Affairs

JUNE 19, 2019

“The analysis showed the malware to have a few quite unpleasant features. ” reads the analysis published by Kaspersky. Post-analysis, the malware was named Backdoor.Win32.Plurox.” Further technical details, including IoCs are reported in the analysis published by Kaspersky. Pierluigi Paganini.

Mining

Mining Communications IT Access

The Long Run of Shade Ransomware

Security Affairs

FEBRUARY 19, 2019

Technical analysis. Despite its popularity, the Shade payload, at the analysis time, did not show high detection rates: only a third of antimalware detected it (24/69), even if the behaviour of the threat is such harassing as recognizable. However, the mining pool dashboard provides a clue of the current number of infected machines.

Ransomware

Ransomware Mining File names Encryption

Multiple threat actors are targeting Elasticsearch Clusters

Security Affairs

FEBRUARY 27, 2019

Cisco Talos experts have reported a spike in the attacks that leverage known flaws to compromise unsecured Elasticsearch clusters and use them to mine crypto-currencies. and lower) to compromise them and install the malicious code the exploit the CVE-2014-3120 and CVE-2015-1427 vulnerabilities. Pierluigi Paganini.

Search queries

Search queries Honeypots File names Mining

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Security Affairs

JUNE 5, 2019

The list of exploits used by the malware includes EternalBlue , DoublePulsar ; exploits for CVE-2014-6287, Tomcat arbitrary file upload vulnerability CVE-2017-12615 , CVE-2017-8464 ; and three ThinkPHP exploits for different versions of the framework. continues the analysis. The last week of May is the most active period on record. .

Mining

Mining File names Libraries IT

Torii botnet, probably the most sophisticated IoT botnet of ever

Security Affairs

SEPTEMBER 29, 2018

” reads the analysis published by Avast. “Unlike the aforementioned IoT botnets, this one tries to be more stealthy and persistent once the device is compromised, and it does not (yet) do the usual stuff a botnet does like DDOS , attacking all the devices connected to the internet, or, of course, mining cryptocurrencies.”

IoT

IoT Communications Mining Encryption

Experts found a new powerful modular Linux cryptominer

Security Affairs

NOVEMBER 26, 2018

” Reads the analysis published by Dr. Web. downloads and starts its own Monero-mining operation. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Then the Linux.BtcMine.174. Linux.BtcMine.174 Pierluigi Paganini.

Mining

Mining Passwords Security IT

Hide and Seek (HNS) IoT Botnet targets Android devices with ADB option enabled

Security Affairs

SEPTEMBER 26, 2018

” reads the analysis published by BitDefender. ” In February 2018, security researchers at Qihoo 360’s Netlab have spotted an Android mining botnet that was targeting devices with ADB interface open. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Mining Access Security

ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

Security Affairs

AUGUST 31, 2019

” reads the analysis published by the experts. In June, Trend Micro discovered an Android crypto-currency mining botnet that can spread via open ADB (Android Debug Bridge) ports and Secure Shell (SSH). . ” continues the analysis. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT Passwords Mining Manufacturing

Hundreds of thousands MikroTik Routers involved in massive Coinhive cryptomining campaign

Security Affairs

AUGUST 3, 2018

Experts uncovered a massive cryptojacking campaign that is targeting MikroTik routers to inject a Coinhive cryptocurrency mining script in the web traffic. ” continues the analysis. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Mining

Mining Libraries Security IT

Microsoft revealed details of a supply chain attack at unnamed Maker of PDF Editor

Security Affairs

JULY 28, 2018

The attackers compromised a font package installed by a PDF editor app and used it to spread a crypto-mining malware on victims’ machines. ” reads the analysis published by Microsoft. The attackers decompiled and modified one MSI file, an Asian fonts pack, to add the malicious payload with the coin mining code.

Mining

Mining Cloud Communications Marketing

Blue Mockingbird Monero-Mining campaign targets web apps

Ngrok Mining Botnet

Webinars

Trending Sources

Pacha Group declares war to rival crypto mining hacking groups

Webinars

New MrbMiner malware infected thousands of MSSQL DBs

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

NY Charges First American Financial for Massive Data Leak

Previously undetected VictoryGate Botnet already infected 35,000 devices

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

New HEH botnet wipes devices potentially bricking them

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Crooks spread malware via pirated movies during COVID-19 outbreak

Microsoft warns of Dexphot miner, an interesting polymorphic threat

ZombieBoy, a new Monero miner that allows to earn $1,000 on a monthly basis

New NRSMiner cryptominer NSA-Linked EternalBlue Exploit

CookieMiner Mac Malware steals browser cookies and sensitive Data

WatchBog cryptomining botnet now uses Pastebin for C2

New strain of Clipsa malware launches brute-force attacks on WordPress sites

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Modular Cryptojacking malware uses worm abilities to spread

Android Botnet leverages ADB ports and SSH to spread

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Graboid the first-ever Cryptojacking worm that targets Docker Hub

TeamTNT group adds new detection evasion tool to its Linux miner

Microsoft discovers cryptomining campaign targeting Kubeflow tool for Kubernetes clusters

Beapy Cryptojacking campaign leverages EternalBlue exploit to spread

Chinese-speaking cybercrime gang Rocke changes tactics

Cryptocurrency miners infected more than 50% of the European airport workstations

Crooks exploit exposed Docker APIs to build AESDDoS botnet

New variant of Linux Botnet WatchBog adds BlueKeep scanner

French Police remotely disinfected 850,000 PCs from RETADUP bot

Smominru Botnet continues to rapidly spread worldwide

Modular Plurox backdoor can spread over local network

The Long Run of Shade Ransomware

Multiple threat actors are targeting Elasticsearch Clusters

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Torii botnet, probably the most sophisticated IoT botnet of ever

Experts found a new powerful modular Linux cryptominer

Hide and Seek (HNS) IoT Botnet targets Android devices with ADB option enabled

ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

Hundreds of thousands MikroTik Routers involved in massive Coinhive cryptomining campaign

Microsoft revealed details of a supply chain attack at unnamed Maker of PDF Editor

Stay Connected