Analysis, Information Security and Mining - Information Management Today

CrowdStrike discovered the first-ever Dero cryptocurrency mining campaign

Security Affairs

MARCH 15, 2023

CrowdStrike researchers discovered the first-ever cryptocurrency mining campaign aimed at Dero mining since February 2023. ” reads the analysis published by Crowdstrike. The mining efforts by the pods are contributed back to a community pool, which distributes the reward (i.e., ” continues the report.

Mining

Mining Privacy IT Access

UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign

Security Affairs

MARCH 8, 2021

Experts warn of ongoing attacks targeting QNAP network-attached storage (NAS) devices to abuse them in cryptocurrency mining. ” reads the analysis published by 360 Netlab. The mining program is composed of unity_install.sh The malware was designed to abuse NAS resources and mine cryptocurrency. and Quick.tar.gz.

Mining

Mining Ransomware Security IT

Blue Mockingbird Monero-Mining campaign targets web apps

Security Affairs

MAY 10, 2020

Crooks exploit CVE-2019-18935 deserialization vulnerability to achieve remote code execution in Blue Mockingbird Monero-Mining campaign. “Blue Mockingbird is the name we’ve given to a cluster of similar activity we’ve observed involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems.”

Mining

Mining Libraries Access Encryption

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Experts found 3 malicious packages hiding crypto miners in PyPi repository

Security Affairs

JANUARY 4, 2024

The code decodes and retrieves a shell script (“unmi.sh”) from a remote server, in turn, it fetches a configuration file for the mining activity along with the CoinMiner file hosted on GitLab. This file outlines the cryptocurrency mining setting. ” reads the analysis published by Fortinet.

Mining

Mining IT Security Information Security

Mastermind behind 1.8 million cryptojacking scheme arrested in Ukraine

Security Affairs

JANUARY 14, 2024

million) worth of cryptocurrencies via mining activities. “The suspect is believed to have mined over USD 2 million (EUR 1.8 ” An unnamed cloud service provider supported the investigation for months. “The suspect is believed to have mined over USD 2 million (EUR 1.8 million) in cryptocurrencies.”

Mining

Mining Cloud Authentication Access

Pacha Group declares war to rival crypto mining hacking groups

Security Affairs

MAY 12, 2019

Two hacking groups associated with large-scale crypto mining campaigns, Pacha Group and Rocke Group , wage war to compromise as much as possible cloud-based infrastructure. org is in this blacklist and it is known that Rocke Group has used this domain for their crypto-mining operations. ” continues the report. Pierluigi Paganini.

Mining

Mining Cloud Security IT

Targeted operation against Ukraine exploited 7-year-old MS Office bug

Security Affairs

APRIL 28, 2024

It’s a PPSX file, seemingly an outdated US Army manual for tank mine clearing blades (MCB). The DLL also implements features to evade detection and avoid analysis by security experts. The file, although labeled as shared through the Signal app, might not have been originally sent via the application.

Military

Military Mining Libraries Security

New MrbMiner malware infected thousands of MSSQL DBs

Security Affairs

SEPTEMBER 16, 2020

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. Mining process.”

Mining

Mining Passwords Access Security

Russia-linked APT28 and crooks are still using the Moobot botnet

Security Affairs

MAY 3, 2024

This second botnet exhibits greater discretion and improved operational security, as the associated malware operates exclusively in memory, leaving no malicious files on the disk. The analysis of memory dumps and command-and-control connections revealed that the botnet is running a variant of the Ngioweb malware.

Healthcare

Healthcare Phishing e-Discovery Mining

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Security Affairs

FEBRUARY 18, 2021

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows and Linux systems. The WatchDog botnet has been active at least since Jan.

Mining

Mining Cloud Access Security

New Redis miner Migo uses novel system weakening techniques

Security Affairs

FEBRUARY 21, 2024

A new malware campaign targets Redis servers to deploy the mining crypto miner Migo on compromised Linux hosts. Caro Security researchers have observed a new malware campaign targeting Redis servers with a crypto miner dubbed Migo. The attackers continue to improve their capability to exploit web-facing services.

Mining

Mining Honeypots Cloud Ransomware

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Security Affairs

JULY 24, 2018

” The Trend Micro researchers’ analysis shows a fairly typical command & control (C&C) malware infection process with many similarities to the Satori variant of the Mirai botnet. Analysis of the code indicates that it could be used as a distributed denial of service (DDoS) platform if enough devices are compromised.

Mining

Mining IoT Blockchain Risk

Cryptomining campaign targets Linux systems with Go-based CHAOS Malware

Security Affairs

DECEMBER 12, 2022

Researchers spotted a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). In November 2022, Trend Micro researchers discovered a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). Gather operating system information.

Mining

Mining Cloud Security IT

Lemon_Duck cryptomining botnet targets Docker servers

Security Affairs

APRIL 22, 2022

The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. Crowdstrikes researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. ” reads the analysis published by CrowdStrikes. ” concludes the report.

Mining

Mining Cloud Access Cybersecurity

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

Security Affairs

MAY 26, 2021

” reads the analysis published by Trend Micro. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. ” reads the analysis published by Trend Micro.

Mining

Mining Cloud Security Access

Abcbot and Xanthe botnets have the same origin, experts discovered

Security Affairs

JANUARY 10, 2022

Experts linked the C2 infrastructure behind an the Abcbot botnet to a cryptocurrency-mining botnet attack that was uncovered in December 2020. Experts linked the infrastructure used by the Abcbot DDoS botnet to the operations of a cryptocurrency-mining botnet that was uncovered in December 2020.

Mining

Mining Honeypots Cloud Security

Conti Ransomware Group Diaries, Part IV: Cryptocrime

Krebs on Security

MARCH 7, 2022

In 2020, researchers from Athens University School of Information Sciences and Technology in Greece showed (PDF) how ransomware-as-a-service offerings might one day be executed through smart contracts. Before that, Jeffrey Ladish , an information security consultant based in Oakland, Calif., We start ddosing. We release ddos.

Ransomware

Ransomware Mining Blockchain Sales

30 Docker images downloaded 20M times in cryptojacking attacks

Security Affairs

MARCH 30, 2021

The expert determined the number of cryptocurrencies that were mined to a mining pool account by inspecting the mining pool. Half of the images discovered by the expert were using a shared mining pool, by he estimated that threat actors mined US$200,000 worth of cryptocurrencies in a two-year period.

Mining

Mining Libraries Cloud Security

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

Security Affairs

NOVEMBER 14, 2022

Akamai Security Research discovered a new evasive Golang-based malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak login credentials. The malware was employed in cryptocurrency mining campaigns and to launch denial-of-service (DDoS) attacks. ” reads the post published by Akamai.

Mining

Mining Manufacturing Authentication Security

StripedFly, a complex malware that infected one million devices without being noticed

Security Affairs

OCTOBER 30, 2023

Further analysis revealed that the malware has been used since at least 2017. ” reads the analysis published by Kaspersky. Researchers from Kaspersky discovered a sophisticated malware, dubbed StripedFly, that remained under the radar for five years masquerading as a cryptocurrency miner. “What was the real purpose?

Ransomware

Ransomware Mining Communications IT

‘Spider-Man: No Way Home’ used to spread a cryptominer

Security Affairs

DECEMBER 25, 2021

” reads the analysis published by ReasonLabs. The resource contains information for the mining activity, the researchers identified a self-compiled version of the XMrig open-source miner containing information such as username, password, algorithm, and mining pool. mp4” format.

Mining

Mining Passwords IT Security

Log4Shell was in the wild at least nine days before public disclosure

Security Affairs

DECEMBER 13, 2021

” reads the analysis published by Microsoft. Please see the Information Leaks section for more information.” ” Talos researchers also updated the list of IOCs to include information about mining activity carried out by exploiting the CVE-2021-44228 flaw. Pierluigi Paganini.

Mining

Mining Honeypots Libraries IT

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

Security Affairs

OCTOBER 23, 2021

CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js.

Mining

Mining Libraries Cybersecurity Security

Highly evasive cryptocurrency miner targets macOS

Security Affairs

FEBRUARY 24, 2023

” reads the analysis published by the experts. At the time of its discovery, the sample analyzed by the experts was not labeled as malicious by any security vendors on VirusTotal. The malicious code uses i2p to download malicious components and send mined currency to the attacker’s wallet. We now had our answer.”

Mining

Mining Passwords Communications Security

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

” reads the analysis published by Lumen Technologies. The analysis of the infections from mid-June to mid-July 2022 revealed that most of the bots are located in Europe, specifically Italy. ” continues the report. . ” continues the report. Other infections were observed in North and South America and Asia Pacific.

Mining

Mining Financial Services IT Security

Cryptomining DreamBus botnet targets Linux servers

Security Affairs

JANUARY 25, 2021

. “These particular applications are targeted because they often run on systems that have powerful underlying hardware with significant amounts of memory and powerful CPUs—all of which allow threat actors to maximize their ability to monetize these resources through mining cryptocurrency.” ” continues the analysis.

Mining

Mining Passwords Communications Ransomware

A new version of the Abcbot bot targets Chinese cloud providers

Security Affairs

DECEMBER 21, 2021

The bot also kills competing malware, including crypto mining and cloud-focused malware, on the same systems. ” reads the analysis published by the experts. ” concludes the analysis. ” concludes the analysis. “However, the code used to download the third payload appears to be commented-out.”

Cloud

Cloud Mining Access Security

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

” reads the analysis published by Avast. Puppeteer orchestrates the core functionality of the malware, including the cryptocurrency mining as well as the backdoor deployment. “The main objective of GuptiMiner is to distribute backdoors within big corporate networks.”

Cleanup

Cleanup Mining Encryption IT

New shc Linux Malware used to deploy CoinMiner

Security Affairs

JANUARY 4, 2023

The ASEC analysis team recently discovered that a Linux malware developed with shell script compiler ( shc ) that threat actors used to install a CoinMiner. The compressed file contains the XMRig CoinMiner malware along with a config.json with the mining pool URL and the “run” script. ” reads the report published by ASEC.

Mining

Mining Passwords Access Security

Prometei botnet evolves and infected +10,000 systems since November 2022

Security Affairs

MARCH 11, 2023

The crypto-mining botnet has a modular structure and employs multiple techniques to infect systems and evade detection. “More specifically, the botnet operators updated certain submodules of the execution chain to automate processes and challenge forensic analysis methods.” ” reads the post published by Cisco Talos.

Mining

Mining Communications Security IT

Panchan Golang P2P botnet targeting Linux servers in cryptomining campaign

Security Affairs

JUNE 15, 2022

” The botnet is engaged in cryptomining activity, the malicious code has been designed to hijack the computer’s resources to mine cryptocurrencies. ” reads the analysis published by the experts. At the time of the analysis, the researchers discovered 209 peers, 40 of which are currently active. .

Mining

Mining Education Authentication Security

ZingoStealer crimeware released for free in the cybercrime ecosystem

Security Affairs

APRIL 15, 2022

The crimeware allows operators to steal information from infected systems and abuse its resources to mine Monero. The malicious code is able to harvest system metadata and information stored by popular web browsers, including Google Chrome, Mozilla Firefox, Opera, and Opera GX.

Mining

Mining Metadata Cybersecurity IT

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Security Affairs

SEPTEMBER 9, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. Experts pointed out that even if the group is expanding its arsenal adding new capabilities, it still focuses on cryptocurrency mining. ” reads the analysis published by AT&T.

Mining

Mining IT Cloud Security

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

Security Affairs

NOVEMBER 4, 2023

” reads the analysis published by Aqua firm. Kinsing actors often exploited the PHPUnit vulnerability ( CVE-2017-9841 ) and it engaged in fully automated attacks as part of mining cryptocurrency. ” continues the analysis. The experts pointed out that this marks the first documented instance of such an exploit.

Cloud

Cloud Mining Access Security

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Recently, a new infection vector that cracks Windows machines through SMB password brute force is on the rise” reads the analysis published by AVAST. ” continues the report.

Mining

Mining Passwords Communications IT

MyKings botnet operators already amassed at least $24 million

Security Affairs

OCTOBER 13, 2021

” reads the analysis published by the expert. ” The malware was first spotted in February 2018 by researchers from Proofpoint when the bot was using the EternalBlue exploit to infect Windows computers and recruit them in Monero cryptocurrency mining activities. .” ” continues the analysis.

ROT

ROT Mining Encryption IT

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

Security Affairs

SEPTEMBER 17, 2021

Upon infecting a system, the malware abuses its resources to mine cryptocurrency. . “Around the same time the news was spreading about these crypto mining malware attacks, SIRT honeypots were infected with PHP malware that arrived via a backdoored addition to a WordPress plugin named download-monitor.” Pierluigi Paganini.

Honeypots

Honeypots Mining Encryption Access

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

Security Affairs

MARCH 20, 2024

The two flaws were discovered by Stephen Fewer, Principal Security Researcher at Rapid7, were disclosed following Rapid7’s vulnerability disclosure policy. Rapid7 published a detailed analysis of the two flaws here.

Authentication

Authentication Ransomware Mining Risk

Nitrokod crypto miner infected systems across 11 countries since 2019

Security Affairs

AUGUST 29, 2022

” reads the analysis published by Check Point. Once the malicious code is executed, the malware connects to the C2 server to get the XMRig crypto miner configuration and starts mining crypto currencies.

Mining

Mining Security Information Security IT

Ransomware operators target CVE-2020-14882 WebLogic flaw

Security Affairs

NOVEMBER 7, 2020

” reads the analysis published by the expert. 30th) attempting to install crypto-mining tools.” ” The expert spotted a small number of scans starting on October 30 attempting to install crypto-mining tools. .” Pierluigi Paganini. SecurityAffairs – hacking, CVE-2020-14882).

Ransomware

Ransomware Honeypots Mining Security

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

Security Affairs

NOVEMBER 22, 2023

reads the analysis published by Aqua firm. Kinsing actors often exploited the PHPUnit vulnerability ( CVE-2017-9841 ) and it engaged in fully automated attacks as part of mining cryptocurrency. The experts pointed out that this marks the first documented instance of such an exploit.

IT

IT Mining Cloud Cybersecurity

Clipminer Botnet already allowed operators to make at least $1.7 Million

Security Affairs

JUNE 3, 2022

The bot focuses on cryptocurrency mining and cryptocurrency theft via clipboard hijacking. ” reads the analysis published by Symantec. Researchers at Symantec’s Threat Hunter Team uncovered a cryptomining operation that has potentially made the actors behind it at least $1.7 million in illicit gains. Bitcoin and 129.9

Mining

Mining Archiving Cybersecurity Security

Orchard botnet uses Bitcoin Transaction info to generate DGA domains

Security Affairs

AUGUST 8, 2022

While the first two variants exclusively rely on date strings to generate the domain names, the newer version uses balance information obtained from the cryptocurrency wallet address “ 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa.” ” reads the analysis published by the researchers.

Mining

Mining IT Security Information Security

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

JANUARY 31, 2021

In our analysis, we found Pro-Ocean targeting Apache ActiveMQ (CVE-2016-3088), Oracle WebLogic (CVE-2017-10271) and Redis (unsecure instances).” ” reads the analysis published by Palo Alto Networks. ” continues the analysis. “Pro-Ocean uses known vulnerabilities to target cloud applications.

Cloud

Cloud Libraries Mining IT

CrowdStrike discovered the first-ever Dero cryptocurrency mining campaign

UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign

Webinars

Trending Sources

Blue Mockingbird Monero-Mining campaign targets web apps

Webinars

Experts found 3 malicious packages hiding crypto miners in PyPi repository

Mastermind behind 1.8 million cryptojacking scheme arrested in Ukraine

Pacha Group declares war to rival crypto mining hacking groups

Targeted operation against Ukraine exploited 7-year-old MS Office bug

New MrbMiner malware infected thousands of MSSQL DBs

Russia-linked APT28 and crooks are still using the Moobot botnet

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

New Redis miner Migo uses novel system weakening techniques

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Cryptomining campaign targets Linux systems with Go-based CHAOS Malware

Lemon_Duck cryptomining botnet targets Docker servers

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

Abcbot and Xanthe botnets have the same origin, experts discovered

Conti Ransomware Group Diaries, Part IV: Cryptocrime

30 Docker images downloaded 20M times in cryptojacking attacks

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

StripedFly, a complex malware that infected one million devices without being noticed

‘Spider-Man: No Way Home’ used to spread a cryptominer

Log4Shell was in the wild at least nine days before public disclosure

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

Highly evasive cryptocurrency miner targets macOS

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Cryptomining DreamBus botnet targets Linux servers

A new version of the Abcbot bot targets Chinese cloud providers

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

New shc Linux Malware used to deploy CoinMiner

Prometei botnet evolves and infected +10,000 systems since November 2022

Panchan Golang P2P botnet targeting Linux servers in cryptomining campaign

ZingoStealer crimeware released for free in the cybercrime ecosystem

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

MyKings botnet operators already amassed at least $24 million

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

Nitrokod crypto miner infected systems across 11 countries since 2019

Ransomware operators target CVE-2020-14882 WebLogic flaw

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

Clipminer Botnet already allowed operators to make at least $1.7 Million

Orchard botnet uses Bitcoin Transaction info to generate DGA domains

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Stay Connected