Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

The malicious code abuses the resources of the infected machine to mine cryptocurrency; according to the experts, it has already infected 80,000 computers worldwide. “Layers of obfuscation, encryption, and the use of randomized file names hid the installation process,” reads the analysis published by Microsoft.

The Long Run of Shade Ransomware

Security Affairs

Technical analysis. The phishing email contains a .zip file named “slavneft.zakaz.zip”, which means something like “slavneft order” in English, showing a direct reference to “Slavneft”. It contains a Russian-language JavaScript file named “«??? «??? «?????????» ??????????? Content of README.txt file.

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Security Affairs

Now, Shellbot has re-appeared in the threat landscape in a recent campaign, targeting organizations worldwide with a new IRC server and new Monero pools, so we decided to deepen the analysis. Technical Analysis. This directory contains the crypto mining module named kswapd0. The initial script is the file named “a”.

Ransomware, Trojan and Miner together against “PIK-Group”

Security Affairs

When an unknown sender suggests me to click on a super wired URL, dropping a ZIP file straight in my box, by saying it’s getting the next targeted attack on a huge company, well I’m kinda looking forward to it! So I clicked on the link (see IOC section) and I’ve downloaded a “pik.zip” file. For example, after encryption, the file “1.jpg”

Prometei, a new modular crypto-mining botnet exploits Windows SMB

Security Affairs

Prometei is a crypto-mining botnet that recently appeared in the threat landscape; it exploits the Microsoft Windows SMB protocol for lateral movement. Security experts from Cisco Talos discovered a new crypto-mining botnet, tracked as Prometei, that exploits the Microsoft Windows SMB protocol for lateral movement.

Gab Has Been Breached

Troy Hunt

— Troy Hunt (@troyhunt) March 2, 2021. If you're not familiar with hashing, how it's not the same as encryption and how it can still leave passwords vulnerable, read this primer from September first. In total, the file has 43,015 unique email addresses (including mine) which is a far cry less than the total row count.
