Analysis, File names, Mining and Security - Information Management Today

Analysis

File names

Mining

Security

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

NOVEMBER 26, 2019

Security experts at Microsoft analyzed a new strain of cryptocurrency miner tracked as Dexphot that has been active since at least October 2018. The malicious code abuse of the resources of the infected machine to mine cryptocurrency , according to the experts it has already infected 80,000 computers worldwide. . Pierluigi Paganini.

File names

File names Encryption Mining Security

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . ” reads the analysis published by Avast. Adaware Bitdefender Escan F-secure Kaspersky Mcafee (scanner only) Norton Panda. Follow me on Twitter: @securityaffairs and Facebook.

Mining

Mining File names Security IT

Join 55,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Trending Sources

A new Linux Botnet abuses IaC Tools to spread and other emerging techniques

Security Affairs

APRIL 23, 2021

” reads the analysis published by Trend Micro. The botnet is currently involved in cryptocurrency mining activity, it delivers the XMRig Monero (XMR) miner onto the infected machines. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. for spreading. Pierluigi Paganini.

Mining

Mining File names IT Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Crooks spread malware via pirated movies during COVID-19 outbreak

Security Affairs

APRIL 30, 2020

We saw an active coin miner campaign that inserts a malicious VBScript into ZIP files posing as movie downloads. — Microsoft Security Intelligence (@MsftSecIntel) April 28, 2020. Experts observed an ongoing coin miner campaign that injects a malicious VBScript into ZIP files posing as movie downloads. Pierluigi Paganini.

Mining

Mining File names Risk Cybersecurity

New NRSMiner cryptominer NSA-Linked EternalBlue Exploit

Security Affairs

JANUARY 4, 2019

” reads the analysis published by F-Secure. The new version of NRSMiner updates existing infections by downloading new modules and removing files and services installed by old previous versions. ” continues the analysis. One of the unzipped files named svchost.exe is the Eternalblue – 2.2.0

Mining

Mining File names Access IT

The Long Run of Shade Ransomware

Security Affairs

FEBRUARY 19, 2019

Since the beginning of the year, security firms observed a new intense ransomware campaign spreading the Shade ransomware. Between January and February, a new, intense, ransomware campaign has been observed by many security firms. Technical analysis. Shade encrypts all the user files using an AES encryption scheme.

Ransomware

Ransomware Mining File names Encryption

Crooks exploit exposed Docker APIs to build AESDDoS botnet

Security Affairs

JUNE 15, 2019

” reads the analysis published by Trend Micro. “A batch file first executes the WinEggDrop scanner (s.exe), which tries port 2375 on various hosts with Chinese IP address ranges specified in the ip.txt file.” launching DDoS attacker, mining cryptocurrency, etc.). .” ” states the report.

File names

File names Mining Access Communications

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Security Affairs

APRIL 28, 2020

Now, Shellbot has re-appeared in the threat landscape in a recent campaign, targeting organizations worldwide with a new IRC server and new Monero pools, so we decided to deepen the analysis. Technical Analysis. This directory contains the crypto mining module named kswapd0. The initial script is the file named “ a ”.

Mining

Mining File names Honeypots IT

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Security Affairs

JUNE 5, 2019

Security experts at Trend Micro have discovered a new Monero cryptomining miner, dubbed BlackSquid, that is targeting web servers, network drives, and removable drives. “This malware, which we named BlackSquid after the registries created and main component file names, is particularly dangerous for several reasons.”

Mining

Mining File names Libraries IT

Multiple threat actors are targeting Elasticsearch Clusters

Security Affairs

FEBRUARY 27, 2019

Security researchers at Cisco Talos are warning of a spike in attacks on unsecured Elasticsearch clusters to drop cryptocurrency miners. Cisco Talos experts have reported a spike in the attacks that leverage known flaws to compromise unsecured Elasticsearch clusters and use them to mine crypto-currencies. Pierluigi Paganini.

Search queries

Search queries Honeypots File names Mining

Ransomware, Trojan and Miner together against “PIK-Group”

Security Affairs

FEBRUARY 28, 2019

Security expert Marco Ramilli analyzed a new piece of malware apparently designed to target PIK-Group that implements ransomware , Trojan, and Miner capabilities. So I clicked on the link (see IOC section) and I’ve downloaded a “pik.zip” file. According to zcashnetwork the attacker’s wallet received from mining activity 4.89

Ransomware

Ransomware Mining File names Encryption

Nansh0u campaign already infected 50,000 MS-SQL and PHPMyAdmin Servers

Security Affairs

MAY 29, 2019

Security experts at Guardicore Labs uncovered a widespread cryptojacking campaign leveraging a malware dubbed Nansh0u. ” continues the analysis. The payloads used in this campaign were droppers used to deliver a cryptocurrency miner to mine TurtleCoin cryptocurrency. Pierluigi Paganini.

File names

File names Mining Cybersecurity Security

Experts spotted P2P worm spreading Crypto-Miners in the wild

Security Affairs

JULY 23, 2019

Recently, our threat monitoring operations pointed us to an interesting file named “ Lucio Dalla Discografia Completa ”: this file pretends to be a collection of the discography of a famous I talian singer, but it actually hides malicious intents. . Technical Analysis. Code Snippet 1: Copy of the files in a subfolder.

Archiving

Archiving Mining File names Risk

Prometei, a new modular crypto-mining botnet exploits Windows SMB

Security Affairs

JULY 22, 2020

Prometei is a crypto-mining botnet that recently appeared in the threat landscape, it exploits the Microsoft Windows SMB protocol for lateral movements. Security experts from Cisco Talos discovered a new crypto-mining botnet, tracked as Prometei, that exploits the Microsoft Windows SMB protocol for lateral movements.

Mining

Mining File names Passwords Communications

Gab Has Been Breached

Troy Hunt

MARCH 3, 2021

Most organisation begin with "we take the security of your data seriously", layer on lawyer speak, talk about credit cards not being exposed and then promise to provide further updates as they come to hand. In total, the file has 43,015 unique email addresses (including mine) which is a far cry less than the total row count.

Passwords

Passwords Data breaches Mining Risk

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Webinars

Trending Sources

A new Linux Botnet abuses IaC Tools to spread and other emerging techniques

Webinars

Crooks spread malware via pirated movies during COVID-19 outbreak

New NRSMiner cryptominer NSA-Linked EternalBlue Exploit

The Long Run of Shade Ransomware

Crooks exploit exposed Docker APIs to build AESDDoS botnet

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Multiple threat actors are targeting Elasticsearch Clusters

Ransomware, Trojan and Miner together against “PIK-Group”

Nansh0u campaign already infected 50,000 MS-SQL and PHPMyAdmin Servers

Experts spotted P2P worm spreading Crypto-Miners in the wild

Prometei, a new modular crypto-mining botnet exploits Windows SMB

Gab Has Been Breached

Stay Connected