24 matches found
Nitrokod Crypto Miner Infected Over 111,000 Users with Copies of Popular Software
A Turkish-speaking entity called Nitrokod has been attributed to an active cryptocurrency mining campaign that involves impersonating a desktop application for Google Translate to infect over 111,000 victims in 11 countries since 2019. "The malicious tools can be used by anyone," Maya Horowitz,...
Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability
Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system. The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data...
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
January 10, 2022 recap – The Log4j vulnerabilities represent a complex and high-risk situation for companies across the globe. This open-source component is widely used across many suppliers’ software and services. By nature of Log4j being a component, the vulnerabilities affect not only...
PGMiner, Innovative Monero-Mining Botnet, Surprises Researchers
An innovative Linux-based cryptocurrency mining botnet has been uncovered, which exploits a disputed PostgreSQL remote code-execution RCE vulnerability to compromise database servers. The malware is unusual and completely novel in a host of ways, researchers said. According to researchers at Palo...
Nation-State Hackers Caught Hiding Espionage Activities Behind Crypto Miners
A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research. Attributing the shift to a threat actor tracked as Bismuth, Microsoft's Microsoft 365 Defender...
Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them
Cryptocurrency miners are typically associated with cybercriminal operations, not sophisticated nation state actor activity. They are not the most sophisticated type of threats, which also means that they are not among the most critical security issues that defenders address with urgency. Recent...
ALERT! Hackers targeting IoT devices with a new P2P botnet malware
Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining. Discovered by Qihoo 360's Netlab security team, the HEH Botnet — written in Go language a...
A week in security (August 26 – September 1)
Last week on Malwarebytes Labs, we analysed the Android xHelper trojan, we wondered why the Nextdoor app would send out letters on behalf of their customers, reported about a study that explores the clickjacking problem across top Alexa-ranked websites, wondered how to get the board to invest in...
Ann Day honey network capture“use of the ElasticSearch Groovy vulnerability Monroe coin(Dog)mining”event analysis-vulnerability warning-the black bar safety net
1, Overview 2019 6 May 13, Ann Day honey network capture to use CVE-2015-1427ElasticSearch Groovyremote command execution vulnerability attacks. The vulnerability principle is Elaticsearch groovy as a scripting language, and based on the use of black and white lists of the sandbox mechanism to...
Exploits for Social Warfare WordPress Plugin Reach Critical Mass
UPDATE Active exploits for a recently disclosed bug in a popular WordPress plugin, Social Warfare, are snowballing in the wild – potentially putting more than 40,000 websites at risk. The vulnerability, CVE-2019-9978, tracks both a stored cross-site scripting XSS vulnerability and a remote...
Real World Examples Demonstrating the Need for Mature Threat Hunting
A recent article discussed the keys to becoming a level 4 maturity threat hunting program. This article will bring these concepts into the real world by discussing examples of attacks that required that high level of threat hunting maturity to find them and defend against them. The case studies...
Trend Micro Security’s 2019 Release Protects You Better Than Ever Against Ransomware, Coin-mining, Banking, and E-Commerce Threats
2019 has barely gotten started, but by Q4 of 2018 Trend Micro had already seen a 956% increase in coin-mining malware detections for the year-to-date—right alongside the persistent threat of ransomware and online banking and e-commerce hacks designed to steal your identity or your money. Folks ca...
New Mac Malware Targets Cookies to Steal From Cryptocurrency Wallets
Mac users need to beware of a newly discovered piece of malware that steals their web browser cookies and credentials in an attempt to withdraw funds from their cryptocurrency exchange accounts. Dubbed CookieMiner due to its capability of stealing cookies-related to cryptocurrency exchanges, the...
New Malware Combines Ransomware, Coin Mining and Botnet Features in One
Windows and Linux users need to beware, as an all-in-one, destructive malware strain has been discovered in the wild that features multiple malware capabilities including ransomware, cryptocurrency miner, botnet, and self-propagating worm targeting Linux and Windows systems. Dubbed XBash, the new...
New Malware Combines Ransomware, Coin Mining and Botnet Features in One
Windows and Linux users need to beware, as an all-in-one, destructive malware strain has been discovered in the wild that features multiple malware capabilities including ransomware, cryptocurrency miner, botnet, and self-propagating worm targeting Linux and Windows systems. Dubbed XBash, the new...
How's that Security Back Door Doing? (Part 2)
In the first part of this blog post I wrote about how recursive DNS rDNS is an attack surface that many enterprises don't currently protect. Bad actors are exploiting that fact and developing advanced targeted threats that use DNS to bypass conventional security tools such as firewalls, secure we...
Qualys BrowserCheck CoinBlocker Protects Users From Active Cryptojacking Campaigns
Qualys Malware Research Labs recently released the Qualys BrowserCheck CoinBlocker Chrome Extension. We have seen enthusiastic adoption from users across the globe in the first week since its release, which has given us enough telemetry data to indicate success in protecting users from popular...
Mining of the virus through the Flash vulnerability propagation, a careful computer becomes mine machine-vulnerability warning-the black bar safety net
4 on 24 May, tinder the security team Alarm, the virus groups the use of Adobe Flash vulnerability propagation mining viruses. Virus gang the mining program implanted to the game download Station“52pk”, www.52pk.com when the user visits the website, the poison page to show after, without any...
A coin miner with a “Heaven’s Gate”
You might call the last two years the years of ransomware. Ransomware was, without a doubt, the most popular type of malware. But at the end of last year, we started observing that ransomware was losing its popularity to coin miners. It is very much possible that this trend will grow as 2018...
Resurrection of the Evil Miner
At FireEye Labs, we recently detected the resurgence of a coin mining campaign with a novel and unconventional infection vector in the form of an iFRAME inline frame – an HTML document embedded inside another HTML document on a web page that allows users to get content from another separate sourc...