Malicious cryptomining and the blacklist conundrum
When Coinhive first came out in September of 2017, it was fairly easy to identify websites using browser miners by looking for a few lines referencing the Coinhive API within the HTML source code. Because this was a new phenomenon, even bad actors didn't have to hide their intentions, and...
Keep Your Home Warm with this cryptomining heater
By Waqas: Recently, a French startup Quarnot introduced a cryptomining heater that... This is a post from HackRead.com.
Cryptomining is all the rage among hackers, as DDoS amplification attacks continue
In this week’s InfoSec news review we’ll dive into cryptomining, get the latest on DDoS amplification, go over recent data breaches, and check out another vendor claiming it can crack iPhones. I, me, mine: The freight train that’s cryptomining shows no sign of slowing down, and the cyber security...
RedisWannaMine Unveiled: New Cryptojacking Attack Powered by Redis and NSA Exploits
Recently cryptojacking attacks have been spreading like wildfire. At Imperva we have witnessed it firsthand and even concluded that these attacks hold roughly 90% of all remote code execution attacks in web applications. Having said that, all of the attacks we have seen so far, were somewhat...
Cryptomining Gold Rush: One Gang Rakes In $7M Over 6 Months
The bloom is on the criminal cryptomining of computer resources and the reason is obvious – it’s lucrative. One cryptomining gang tracked by researchers over the past six months minted $7 million with the help of 10,000 computers infected with mining malware. The rise of malicious cryptomining...
Cryptomining Rules Endpoints Around Me (Get the Monero)
If you know me then you know how much I love the Wu. You also know how much I love infosec. I thought this particular topic worthy to marry the two. The Saga Continues for the ownership of endpoints. Organizations purchase them, manage them, update, support, and protect them. However, the bad...
Mirai Variant ‘OMG’ Turns IoT Devices into Proxy Servers for Cryptomining
By Waqas: Mirai IoT bot malware is one such piece of malicious... This is a post from HackRead.com.
How to protect your computer from malicious cryptomining
Noticing that your computer is running slow? While sometimes a telltale sign of infection, these days that seems doubly true. And the reason is: malicious cryptomining. So, what, exactly, is it? We'll tell you how bad this latest malware phenomenon is for you and your computer, plus what you can ...
The state of malicious cryptomining
While cryptocurrencies have been around for a long time and used for legitimate purposes, online criminals have certainly tarnished their reputation. Unfortunately, the same benefits offered by these decentralized and somewhat anonymous digital currencies were quickly abused to extort money, as w...
Flaw in Telegram Windows App Used for Cryptomining & Backdoor
By Waqas: Another day, another popular app compromised to drop backdoor and conduct... This is a post from HackRead.com.
Millions of Android Phones Hacked to Mine Monero Coins
By Waqas: Newly Identified Drive-by Monero Cryptomining Campaign Targeted Millions of Android... This is a post from HackRead.com.
Unicode Technique Used to Deliver Cryptomining Malware Through Telegram
Attackers are using the time-tested right-to-left override technique to deliver cryptomining malware through the popular Telegram messaging application, say researchers. The right-to-left RLO technique uses Unicode to hide malicious file names and trick users into executing what appear to be beni...
Drive-by cryptomining campaign targets millions of Android users
Malvertising and online fraud through forced redirects and Trojanized apps—to cite the two most common examples—are increasingly plaguing Android users. In many cases, this is made worse by the fact that people often don't use web filtering or security applications on their mobile devices. A...
Keylogger Campaign Returns, Infecting 2,000 WordPress Sites
Over 2,000 WordPress sites are infected with a malicious script that can deliver both a keylogger and the in-browser cryptocurrency miner CoinHive. Researchers at Sucuri who made the discovery, said the recent campaign is tied to threat actors behind a December 2017 campaign that infected over...
Presenting: Malwarebytes Labs 2017 State of Malware Report
2017 was a tumultuous year in politics, media, gender, race—and cybersecurity didn’t beat the rap. Last year was full of twists and turns in the cybercrime world, with major outbreaks, new infection methods, and the evolution of the cryptocurrency crime industry. In aiming to make sense of the...
Attackers Exploit Oracle WebLogic Flaw to Mine $266K in Monero
By Waqas: Another day, another Monero cryptomining campaign and this time attackers exploited... This is a post from HackRead.com.
A week in security (January 1 – January 7)
New year, new threats, as 2018 gets underway. On our blog, we had dubious searches aplenty for those hunting for Malwarebytes information, and we also covered the huge Meltdown/Spectre bug, affecting hardware going back to 10 years. Other news: Coin miners are at it again, with a proof of concept...
A look into the global drive-by cryptocurrency mining phenomenon
An important milestone in the history of cryptomining happened around mid-September when a company called Coinhive launched a service that could mine for a digital currency known as Monero directly within a web browser. JavaScript-based mining is cross-platform compatible and works on all modern...
A week in security (September 25 – October 01)
Recently, we talked about the hacking incident at Deloitte, one of the 'big four' global accounting firms. It was reported that client email addresses, usernames, and passwords were exposed. This also brought to light weaknesses in their policies and lack of threat intelligence to recover leaked...