25 matches found

OSV
added 2024/12/10 7:43 p.m., 8 views

PYSEC-2024-154 A number of releases of ultralytics contained malicious crypto miner software.

Ultralytics has identified a supply chain attack affecting multiple versions of the ultralytics package. The compromised versions contained unauthorized code that downloaded and executed cryptocurrency mining software when instantiating YOLO models. This code was injected into the PyPI...

8.7 CVSS, 7.3 AI score
Exploits: 0, References: 7

The Hacker News
added 2024/09/13 5:39 a.m., 12 views

New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining and deliver botnet malware. The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver a malware strain dubbed Hadooken,...

7.7 AI score
Exploits: 0

Trend Micro Simply Security
added 2024/06/28 12:0 a.m., 11 views

Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer

We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto miner...

7.3 AI score
Exploits: 0

The Hacker News
added 2024/06/27 2:31 p.m., 25 views

Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads

The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. "Wi...

7.7 AI score
Exploits: 0

The Hacker News
added 2023/09/21 12:51 p.m., 37 views

Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge

The peer-to-peer P2 worm known as P2PInfect has witnessed a surge in activity since late August 2023, witnessing a 600x jump between September 12 and 19, 2023. "This increase in P2PInfect traffic has coincided with a growing number of variants seen in the wild, suggesting that the malware's...

6.8 AI score
Exploits: 0

HackRead
added 2023/06/26 5:56 p.m., 15 views

Fake Super Mario 3 Installers Drop Crypto Miner, Data Stealer

By Deeba Ahmed Cyble Research and Intelligence Lab's cybersecurity researchers have disclosed how threat actors exploit gamers by delivering malware-loaded installers of popular games. This is a post from HackRead.com Read the original post: Fake Super Mario 3 Installers Drop Crypto Miner, Data...

7 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/03/27 7:32 a.m., 107 views

Cinoshi A Novel Malware-as-a-Service Platform

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Cinoshi is a new MaaS platform with a toolkit including a stealer, botnet, clipper, and crypto-miner. Offering free stealer and web panel is rare. To receive real-time threat advisories, please follow...

6.8 AI score
Exploits: 0

The Hacker News
added 2023/03/02 1:40 p.m., 70 views

Hackers Exploit Containerized Environments to Steal Proprietary Data and Software

A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. "The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary...

6.9 AI score
Exploits: 0

ICS
added 2022/11/25 12:0 p.m., 68 views

Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester

Summary From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch FCEB organization where CISA observed suspected advanced persistent threat APT activity. In the course of incident response activities, CISA determined that cyber...

10 CVSS, 10 AI score, 0.94358 EPSS
Exploits: 343, References: 108

CISA
added 2022/11/16 12:0 a.m., 27 views

CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network

Today, CISA and the Federal Bureau of Investigation FBI published a joint Cybersecurity Advisory CSA, Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch...

1.2 AI score
Exploits: 0, References: 4

Hive Pro Threat Advisories
added 2022/09/29 6:56 a.m., 42 views

Vulnerable Atlassian Confluence Servers utilized to drop Crypto Miners

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Atlassian Confluence Servers CVE-2022-26134, an unauthenticated remote code execution RCE vulnerability that was recently patched, is being used by adversaries to deploy cryptocurrency mining malware...

7.5 CVSS, 5.1 AI score, 0.94408 EPSS
Exploits: 75

The Hacker News
added 2022/09/22 6:17 a.m., 168 views

Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners

A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations. "If left unremedied and successfully exploited, this vulnerability could be used for multiple an...

9.8 CVSS, 0.4 AI score, 0.94408 EPSS
Exploits: 223

The Hacker News
added 2022/09/16 10:58 a.m., 505 views

Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies

Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. Cybersecurity company Trend Micro said it found the financially-motivated group leveraging the vulnerability to drop Python...

10 CVSS, 0.3 AI score, 0.94454 EPSS
Exploits: 116

HackRead
added 2022/08/30 7:49 p.m., 16 views

Nitrokod Crypto Miner Hiding in Fake Microsoft and Google Translate Apps

By Waqas Nitrokod crypto miner mines Monero XMR coin on infected devices and so far it has targeted 111,000 unsuspecting users in 11 countries. This is a post from HackRead.com Read the original post: Nitrokod Crypto Miner Hiding in Fake Microsoft and Google Translate Apps...

3 AI score
Exploits: 0

The Hacker News
added 2022/08/29 10:15 a.m., 48 views

Nitrokod Crypto Miner Infected Over 111,000 Users with Copies of Popular Software

A Turkish-speaking entity called Nitrokod has been attributed to an active cryptocurrency mining campaign that involves impersonating a desktop application for Google Translate to infect over 111,000 victims in 11 countries since 2019. "The malicious tools can be used by anyone," Maya Horowitz,...

1.7 AI score
Exploits: 0

The Hacker News
added 2022/08/04 10:24 a.m., 217 views

Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage

A threat actor is said to have "highly likely" exploited a security flaw in an outdated Atlassian Confluence server to deploy a never-before-seen backdoor against an unnamed organization in the research and technical services sector. The attack, which transpired over a seven-day-period during the...

9.8 CVSS, 1.9 AI score, 0.94439 EPSS
Exploits: 173

GithubExploit
added 2021/12/10 10:19 p.m., 534 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 DFIR-Notes Driving home I got my first message...

10 CVSS, 9.2 AI score, 0.94358 EPSS
Exploits: 343

Hacker One
added 2021/08/24 9:12 a.m., 31 views

IBM: Unauthorized Kubernetes to RCE (root) and found TEAMTNT Crypto Miner on it

This report revealed a vulnerable server running an unauthorized Kubernetes which allowed unkn0wn to gain remote code execution. This issue was reported to IBM and has been remediated...

4.2 AI score
Exploits: 0

Akamai Blog
added 2021/05/24 4:0 a.m., 16 views

Romanian Crypto Mining Infection

While examining my honeypot logs and digging through the newly downloaded binaries last week, I noticed a large compressed file. I figured it would be a crypto miner, typically a tar archive and gzip normally erroneously compressed. I moved the archive over to my test lab and started examining th...

1.3 AI score
Exploits: 0

Akamai Blog
added 2021/03/16 4:0 a.m., 18 views

Another Golang Crypto Miner On the Loose

There are many crypto mining malware variants infecting systems on the internet. On Friday, March 4, 2021, I noticed an interesting hit in my honeypot logs. The binary it captured stood out, as it was rather large at 4MB. I immediately thought it would be a crypto miner written in the Go language...

1.3 AI score
Exploits: 0