article thumbnail

Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign

Security Affairs

Threat actors are targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign. Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134 vulnerability. The gap is being abused for malicious cryptocurrency mining.”

Mining 112
article thumbnail

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . The final stage of the Crackonosh attack chain is the installation of the coinminer XMRig to mine the Monero (XMR) cryptocurrency. Follow me on Twitter: @securityaffairs and Facebook.

Mining 109
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

A new Linux Botnet abuses IaC Tools to spread and other emerging techniques

Security Affairs

The botnet is currently involved in cryptocurrency mining activity, it delivers the XMRig Monero (XMR) miner onto the infected machines. The binary includes a configuration file and unlike other cryptocurrency miners, it uses its own mining pool instead of public pools to make tracking attackers even more difficult.

Mining 93
article thumbnail

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

The malicious code abuse of the resources of the infected machine to mine cryptocurrency , according to the experts it has already infected 80,000 computers worldwide. Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. ”reads the analysis published by Microsoft.

article thumbnail

Crooks spread malware via pirated movies during COVID-19 outbreak

Security Affairs

Experts observed an ongoing coin miner campaign that injects a malicious VBScript into ZIP files posing as movie downloads. The campaign primarily targets users in Spain and South American countries, aims to launch a coin-mining shellcode directly in memory. ” reads the Tweet published by the Microsoft Security Intelligence team.

Mining 83
article thumbnail

New NRSMiner cryptominer NSA-Linked EternalBlue Exploit

Security Affairs

This malicious code first installs a service named snmpstorsrv , with snmpstorsrv.dll registered as servicedll. The service creates multiple threads to carry out several malicious activities, such as data exfiltration and mining. One of the unzipped files named svchost.exe is the Eternalblue – 2.2.0 exploit executable.

Mining 86
article thumbnail

The Long Run of Shade Ransomware

Security Affairs

The phishing email contains a.zip file named “slavneft.zakaz.zip”, which means something like “slavneft order” in English, showing a direct reference to “Slavneft”. It contains a russian speaking JavaScript file named “«??? «??? «?????????» ??????????? ??????”, Information about miner executable. Conclusions.