article thumbnail

Google Removes Fake Crypto-Mining Apps

Data Breach Today

Researchers Say Users Paid Fees for Fake Mining Services Google has removed eight fake crypto-mining apps from its Play Store, but security researchers have flagged 120 similar apps still available on the store, according to Trend Micro.

Mining 229
article thumbnail

Malicious Docker Images Used to Mine Monero

Data Breach Today

Images on Docker Hub Contained Cryptominers A recently uncovered cryptomining scheme used malicious Docker images to hijack organizations’ computing resources to mine cryptocurrency, according to the cybersecurity firm Aqua Security

Mining 229
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Botnet Designed to Mine Virtual Currency Shut Down

Data Breach Today

ESET: 'VictoryGate' Infected 35,000 Devices VictoryGate, a recently discovered botnet that infected about 35,000 devices with malware, has been disabled by researchers from security firm ESET. The botnet's main purpose was mining monero cryptocurrency

Mining 219
article thumbnail

Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM

Security Affairs

Researchers investigated cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs. Researchers from Trend Micro published a report that details cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs and the threat actors behind them.

Mining 101
article thumbnail

Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign

Security Affairs

Threat actors are targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign. Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134 vulnerability.

Mining 98
article thumbnail

Canadian Copper Mountain Mining Corporation (CMMC) shut down the mill after a ransomware attack

Security Affairs

The Canadian Copper Mountain Mining Corporation (CMMC) was hit with a ransomware attack that impacted its operations. The Canadian Copper Mountain Mining Corporation (CMMC) announced to have suffered a ransomware attack late on December 27, 2022, which impacted its operation. .

Mining 70
article thumbnail

The Family That Mined the Pentagon's Data for Profit

WIRED Threat Level

Backchannel Security / National Security Security / PrivacyThe Freedom of Information Act helps Americans learn what the government is up to. The Poseys exploited it—and became unlikely defenders of transparency.

Mining 103
article thumbnail

Crypto-mining campaign targets Kubeflow installs on a large scale

Security Affairs

Microsoft uncovered a malicious campaign targeting Kubeflow workloads to deploy TensorFlow pods that are used to mine cryptocurrency. Microsoft researchers uncovered a malicious campaign targeting Kubeflow workloads to deploy TensorFlow pods that are used to mine for cryptocurrency.

Mining 105
article thumbnail

Zoom Removes Data-Mining LinkedIn Feature

Threatpost

The feature, criticized for "undisclosed data-mining," is only the latest privacy faux pas for Zoom this month. Privacy Vulnerabilities Web Security Data Mining Data security disabled LinkedIn linkedin feature navigator public response removes Security issues zoom zoom data zoom security

Mining 90
article thumbnail

Government Websites Deliver Cryptocurrency Mining Code

Data Breach Today

Security of Code Pushed by Content Delivery Networks Remains Ongoing Concern More than 4,200 websites, some belonging to the U.S., and Australian governments, have been turning their visitors' computers into mining machines to harvest the virtual currency Monero. The security lapse continues the recent trend of cryptocurrency mining malware overtaking ransomware

Mining 133
article thumbnail

Blue Mockingbird Monero-Mining campaign targets web apps

Security Affairs

Crooks exploit CVE-2019-18935 deserialization vulnerability to achieve remote code execution in Blue Mockingbird Monero-Mining campaign. Each payload comes compiled with a standard list of commonly used Monero-mining domains alongside a Monero wallet address,” continues the analysis. “So

Mining 83
article thumbnail

Child Predators Mine Twitch to Prey on Kids

WIRED Threat Level

Security Security / Security NewsPlus: A leaked trove illuminates Russia’s internet regulator, a report finds Facebook and Instagram violated Palestinian rights, and more.

Mining 84
article thumbnail

Crypto Mining Service Coinhive to Call it Quits

Krebs on Security

com , a cryptocurrency mining service that has been heavily abused to force hacked Web sites to mine virtual currency. In March 2018, Coinhive was listed by many security firms as the top malicious threat to Internet users, thanks to the tendency for Coinhive’s computer code to be surreptitiously deployed on hacked Web sites to steal the computer processing power of its visitors’ devices.

Mining 163
article thumbnail

New Malware Hijacks Cryptocurrency Mining

Schneier on Security

After gaining control of the coin-mining software, the malware replaces the wallet address the computer owner uses to collect newly minted currency with an address controlled by the attacker. This is a clever attack. From then on, the attacker receives all coins generated, and owners are none the wiser unless they take time to manually inspect their software configuration. So far it hasn't been very profitable, but it -- or some later version -- eventually will be.

Mining 103
article thumbnail

Hospital Hit With Cryptocurrency Mining Malware

Data Breach Today

Do healthcare entities face a growing risk of being hit with cryptocurrency mining attacks, which have become more common in other sectors? A Tennessee hospital may be the first victim in the sector, and some security experts predict many more such incidents Are More Healthcare Sector Entities at Risk?

Mining 133
article thumbnail

Cryptominer ELFs Using MSR to Boost Mining Process

Security Affairs

The Uptycs Threat Research Team recently observed Golang-based worm dropping cryptominer binaries which use the MSR (Model Specific Register) driver to disable hardware prefetchers and increase the speed of the mining process by 15%.

Mining 101
article thumbnail

UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign

Security Affairs

Experts warn of ongoing attacks targeting QNAP network-attached storage (NAS) devices to abuse them in cryptocurrency mining. The mining program is composed of unity_install.sh The malware was designed to abuse NAS resources and mine cryptocurrency.

Mining 93
article thumbnail

Ngrok Mining Botnet

Security Affairs

Specifically, it demonstrates a novel, dynamic and robust operational security model and the ability to detect and attack newly deployed and misconfigured infrastructure. Additionally, the campaign is sophisticated in seeking to detect, analyse and neutralise other competing crypto-mining malware. I’ve been following the Monero mining pool address used in the Ngrok campaign and regularly checking for other research references on the internet.

Mining 71
article thumbnail

Hacked MicroTik Routers Serve Cryptocurrency-Mining Malware

Data Breach Today

Researchers: Attackers Have Compromised More Than 209,000 Routers Attackers have targeted a patched vulnerability to exploit more than 209,000 carrier-grade routers made by Latvian manufacturer MicroTik and infect them with two types of malware - Coinhive and Crypto-Loot - designed to mine for cryptocurrency, security researchers say

Mining 116
article thumbnail

Attackers are abusing GitHub infrastructure to mine cryptocurrency

Security Affairs

The popular code repository hosting service GitHub is investigating a crypto-mining campaign abusing its infrastructure. Code repository hosting service GitHub launched an investigation in a series of attacks aimed at abusing its infrastructure to illicitly mine cryptocurrency.

Mining 89
article thumbnail

Prometei, a new modular crypto-mining botnet exploits Windows SMB

Security Affairs

Prometei is a crypto-mining botnet that recently appeared in the threat landscape, it exploits the Microsoft Windows SMB protocol for lateral movements. move laterally across systems while covertly mining for cryptocurrency. .

Mining 85
article thumbnail

Lemon Duck Cryptocurrency-Mining Botnet Activity Spikes

Threatpost

Researchers warn of a spike in the cryptocurrency-mining botnet since August 2020. Vulnerabilities Web Security AMD attack spike bluekeep botnet brute force Cisco Talos COVID-19 Cryptocurrency cryptomining DNS GTX lemon duck Linux Monero Nvidia RDP Windows

Mining 83
article thumbnail

Pacha Group declares war to rival crypto mining hacking groups

Security Affairs

Two hacking groups associated with large-scale crypto mining campaigns, Pacha Group and Rocke Group , wage war to compromise as much as possible cloud-based infrastructure. Researchers at Intezer Labs continued to monitor this cybercrime group and discovered that it is also targeting cloud-based environments and working to disrupt operations of other crypto-mining groups, such as the Rocke Group.

Mining 64
article thumbnail

Microsoft Defender uses Intel TDT technology against crypto-mining malware

Security Affairs

Cryptojacking malware allows threat actors to secretly mine for cryptocurrency abusing computational resources of the infected devices. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Data Breach Security

Mining 79
article thumbnail

Ghost Blogging Platform Hacked To Mine Cryptocurrency

Adam Levin

Hackers successfully breached the servers of a popular blogging platform and used them to mine cryptocurrency. As of May 4, Ghost announced that it had successfully purged the cryptocurrency mining malware from its systems. Data Security Data breach featured ghost cms salt

Mining 60
article thumbnail

Google bans cryptocurrency mining apps from the official Play Store

Security Affairs

Google has updated the Play Store Developer Policy page to ban mobile mining apps that mine cryptocurrencies using the computational resources of the devices. Following Apple’s decision of banning cryptocurrency mining apps announced in June, also Google has updated the Play Store Developer Policy page to ban mobile apps that mine cryptocurrencies using the computational resources of the devices. Securi ty Affairs – mining apps, Google).

Mining 44
article thumbnail

Court Rules in Favor of Mining LinkedIn User Data

Adam Levin

A federal appellate court ruled that mining and aggregating user data publicly posted to social media sites is allowable by law. In an opinion released earlier this month, the 9th Circuit U.S.Court of Appeals upheld an injunction against employment-centric social network LinkedIn from blocking access to hiQ, a data mining company that sells aggregated user information. . The post Court Rules in Favor of Mining LinkedIn User Data appeared first on Adam Levin.

Mining 55
article thumbnail

PGMiner, Innovative Monero-Mining Botnet, Surprises Researchers

Threatpost

Cloud Security Malware Vulnerabilities botnet cryptomining CVE-2019-9193 database servers Linux Malware analysis Monero Palo Alto PGMiner PostgreSQL RCE remote code execution security vulnerability Unit 42

Mining 88
article thumbnail

2021 Predictions Are Foolhardy – Here Are Four of Mine

KnowBe4

The post 2021 Predictions Are Foolhardy – Here Are Four of Mine appeared first on MediaPRO.

Mining 52
article thumbnail

Cryptocurrency Mining Employees Expose Nuclear Plant to Internet

WIRED Threat Level

Xbox eavesdropping, email scammers, and more of the week's top security news. Security Security / Security News

Mining 87
article thumbnail

Hijacking Computers for Cryptocurrency Mining

Schneier on Security

Interesting paper " A first look at browser-based cryptojacking ": Abstract : In this paper, we examine the recent trend towards in-browser mining of cryptocurrencies; in particular, the mining of Monero through Coinhive and similar code-bases. In this model, a user visiting a website will download a JavaScript code that executes client-side in her browser, mines a cryptocurrency, typically without her consent or knowledge, and pays out the seigniorage to the website.

Mining 48
article thumbnail

Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

The Last Watchdog

Illicit crypto mining is advancing apace. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Related article: Illicit crypto mining hits cloud services. Cybercriminals have shifted their focus to burrowing onto company servers and then redirecting those corporate computing resources to crypto mining chores. It’s likely IT and security teams won’t find the infection for months.

Mining 132
article thumbnail

Hackers Hijacked Tesla's Cloud to Mine Cryptocurrency

WIRED Threat Level

SecurityThe recent rash of cryptojacking attacks has hit a Tesla database that contained potentially sensitive information.

Mining 75
article thumbnail

Water Utility Infected by Cryptocurrency Mining Software

Schneier on Security

A water utility in Europe has been infected by cryptocurrency mining software. This is a relatively new attack : hackers compromise computers and force them to mine cryptocurrency for them. It seems that this mining software is benign, and doesn't affect the performance of the hacked computer. (A This is the first time I've seen it infect SCADA systems, though. A smart virus doesn't kill its host.) But that's not going to always be the case.

Mining 50
article thumbnail

Employees abused systems at Ukrainian nuclear power plant to mine cryptocurrency

Security Affairs

The Ukrainian Secret Service is investigating the case of employees at a nuclear power plant that connected its system online to mine cryp tocurrency. The Ukrainian Secret Service (SBU) launched an investigation after employees at a local nuclear power plant connected some systems of the internal network to the Internet to mine cryptocurrency. The security incident has happened in July at the South Ukraine Nuclear Power Plant at Yuzhnoukrainsk, in the south of the country.

Mining 74
article thumbnail

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

The Last Watchdog

On the face, the damage caused by cryptojacking may appear to be mostly limited to consumers and website publishers who are getting their computing resources diverted to mining fresh units of Monero, Ethereum and Bytecoin on behalf of leeching attackers. You can mine them, if you have a powerful CPU. Or you can hijack other people’s computers to do the mining. LW: I can’t really use my MacBook to mine Bitcoin, can I?

Mining 112
article thumbnail

Crypto-Mining Attacks Emerge as the New Big Threat to Enterprises

Dark Reading

Attackers looking to hijack systems for illegally mining digital currencies have begun eyeing business systems, security vendors say

Mining 76
article thumbnail

Identity Thieves Bypassed Experian Security to View Credit Reports

Krebs on Security

Identity thieves have been exploiting a glaring security weakness in the website of Experian , one of the big three consumer credit reporting bureaus. All that was needed was the person’s name, address, birthday and Social Security number.

Security 261
article thumbnail

CoinHive Cryptocurrency Mining Service will shut down on March 8, 2019

Security Affairs

The popular in-browser cryptocurrency mining service Coinhive has announced that it will shut down on March 8, 2019. Security firms spotted several hacking campaigns aimed at compromising websites to install JavaScript-based Monero (XMR) cryptocurrency mining scripts and monetize their efforts. When unaware users visit compromised websites, the script starts using their computers’ processing power to mine cryptocurrency.

Mining 66
article thumbnail

Blue Mockingbird Monero-Mining Campaign Exploits Web Apps

Threatpost

Cryptography Vulnerabilities Web Security ASP.NET blue mockingbird cryptomining CVE-2019-18935 deserialization vulnerability Exploit Monero project telerik ui Red Canary remote code execution XMRig

Mining 79