
224 matches found

ThreatPost
added 2018/09/19 1:30 p.m. | 54 views

XBash Malware Packs Double Punch: Destroys Data and Mines for Crypto Coins

Researchers have discovered a new sophisticated malware family in the wild, which wreaks havoc on Windows and Linux systems with a combination of data destructive ransomware and malicious cryptomining. The malware, dubbed by Palo Alto Networks’ Unit 42 researchers who discovered it as Xbash, has...

CVSS 7.5 | AI score 0.3 | EPSS 0.94281
Exploits: 19 | References: 2
Talos Blog
added 2018/09/19 6:00 a.m. | 20 views

Cyber Threat Alliance Releases Cryptomining Whitepaper

This post is authored by Ashlee Benge. Despite the recent devaluation of some cryptocurrencies, illicit cryptocurrency miners remain a lucrative and widespread attack vector in the threat landscape. These miners are easy to deploy, and attackers see it as a quick way to steal other users'...

AI score 2.5
Exploits: 0
HackRead
added 2018/09/18 3:18 p.m. | 44 views

Linux & Windows hit with disk wiper, ransomware & cryptomining Xbash malware

By Waqas Xbash is an "all in one" malware. Palo Alto Networks’ Unit 42 researchers have come to the conclusion that the notorious Xbash malware that has been attacking Linux and Windows servers is being operated by the Iron Group which is an infamous hacker collective previously involved in a...

AI score 6.9
Exploits: 0
ThreatPost
added 2018/09/07 11:00 a.m. | 11 views

ThreatList: Attacks on Industrial Control Systems on the Rise

The systems that power the manufacturing, power and water plants, the oil and gas industry, and many other sectors are increasingly in the crosshairs of cyber-attackers: A full 41.2 percent of industrial control system ICS were attacked by malicious software at least once in the first half of 201...

AI score 2.4
Exploits: 0 | References: 7
ThreatPost
added 2018/09/05 5:48 p.m. | 204 views

Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild

It was only a matter of time before attacks were seen in the wild, and now it’s happened. A known threat actor has mounted a large cryptomining campaign using the recently disclosed Apache Struts 2 critical remote code-execution vulnerability. It uses a new malware designed for persistence and...

CVSS 10 | AI score 9.9 | EPSS 0.94479
Exploits: 118 | References: 10
HackRead
added 2018/09/01 6:42 p.m. | 63 views

Cryptomining scripts will be blocked in upcoming versions of Firefox browser

By Waqas In all the future versions of the Firefox web browser, cryptojacking malware will be blocked. Mozilla, the company behind Firefox browser, announced on August 30 that it is launching an anti-tracking initiative, which will be implemented broadly over the next few months. Firefox has cite...

AI score 3
Exploits: 0
ThreatPost
added 2018/08/30 8:35 p.m. | 126 views

New Threat Actor ‘Rocke’: A Rising Monero Cryptomining Menace

Researchers are warning of a Chinese-language threat actor leveraging a wide array of Git repositories to infect vulnerable systems with Monero-based cryptomining malware. Researchers at Cisco Talos, who discovered the threat actor they call “Rocke”, said they have been tracking the adversary sin...

CVSS 7.5 | AI score 8.2 | EPSS 0.94439
Exploits: 51 | References: 3
Talos Blog
added 2018/08/30 8:26 a.m. | 913 views

Rocke: The Champion of Monero Miners

This post was authored by David Liebenberg. Summary Cryptocurrency miners are becoming an increasingly significant part of the threat landscape. These malicious miners steal CPU cycles from compromised devices to mine cryptocurrencies and bring in income for the threat actor. In this post, we loo...

CVSS 7.5 | AI score 8.5 | EPSS 0.94439
Exploits: 51
ThreatPost
added 2018/08/22 1:38 p.m. | 18 views

Podcast: Bad Packets Report Founder on Rising Cryptojacking Attacks

Security researcher Troy Mursch of the Bad Packets Report joins the Threatpost Podcast to discuss recent cryptojacking campaigns, and why these types of malicious cryptomining attacks are on the rise. Criminals have been harnessing devices – from mobile devices to servers – to mine cryptocurrenci...

AI score 0.8
Exploits: 0 | References: 4
ThreatPost
added 2018/08/21 4:58 p.m. | 22 views

Belkin IoT Smart Plug Flaw Allows Remote Code Execution in Smart Homes

A vulnerability in a popular Wi-Fi–connected electric outlet for smart homes would allow a remote attacker to take over smart TVs and other devices, as well as execute code – potentially exposing tens of thousands of consumers to cryptomining, ransomware, information disclosure, botnet enslavemen...

CVSS 10 | AI score 0.7 | EPSS 0.01668
Exploits: 0 | References: 7
Qualys Blog
added 2018/08/09 2:51 p.m. | 62 views

Qualys BrowserCheck CoinBlocker Protects Users From Active Cryptojacking Campaigns

Qualys Malware Research Labs recently released the Qualys BrowserCheck CoinBlocker Chrome Extension. We have seen enthusiastic adoption from users across the globe in the first week since its release, which has given us enough telemetry data to indicate success in protecting users from popular...

AI score 7.1
Exploits: 0
ThreatPost
added 2018/08/06 4:57 p.m. | 9 views

Ramnit Changes Shape with Widespread Black Botnet

The recently uncovered “Black” botnet campaign using the Ramnit malware racked up 100,000 infections in the two months through July– but the offensive could just be a precursor to a much larger attack coming down the pike, according to researchers, thanks to a second-stage malware called Ngioweb...

AI score 0.1
Exploits: 0 | References: 3
HackRead
added 2018/08/03 1:53 p.m. | 32 views

ZombieBoy cryptomining malware exploits CVEs to evade detection

By Waqas ZombieBoy malware makes $1,000 Monero on a monthly basis. An independent security expert James Quinn has discovered a new family of cryptominers that has been dubbed as ZombieBoy. According to Quinn’s analysis, the newly discovered cryptomining worm clocked in at 43 KH/s which means as p...

AI score 1.6
Exploits: 0
ThreatPost
added 2018/08/02 1:33 p.m. | 13 views

Huge Cryptomining Attack on ISP-Grade Routers Spreads Globally

UPDATE A massive hacking campaign has been uncovered, compromising tens of thousands of MikroTik routers to embed Coinhive cryptomining scripts in websites using a known vulnerability. As of Thursday morning, Censys.io has reported more than 170,000 active MikroTik devices infected with the...

AI score 0.2
Exploits: 0 | References: 6
ThreatPost
added 2018/08/01 1:06 p.m. | 16 views

Steam Bans Developer After Outcry Over Cryptomining, Scam Items

The popular Steam online gaming platform has pulled a simple, 2D game from its library, after it was found to be consuming an unusual amount of processing power on gamers’ machines. Steam owner Valve booted the game, “Abstractism,” after players lodged complaints about the game chewing up process...

AI score 7.3
Exploits: 0 | References: 7
Carbon Black Blog
added 2018/07/31 3:53 p.m. | 68 views

Case Study: A Cryptomining Attack — With an Assist From Advanced Malware Techniques

In Carbon Black's Quarterly Incident Response Threat Report QIRTR, some of the world’s leading incident response IR professionals reported seeing an uptick in lateral movement, counter incident response, and island-hopping attacks from motivated nation-states. In the case study below, Kroll notes...

AI score 0.2
Exploits: 0
ThreatPost
added 2018/07/20 6:45 p.m. | 7 views

Newsmaker Interview: Troy Mursch on Why Cryptojacking Isn’t Going Away

Cyber criminals have seen a golden opportunity in the meteoric rise of cryptocurrencies over the past year. They are harnessing devices – from laptops, to desktops, all the way up to servers – to mine cryptocurrencies such as Bitcoin or Monero. This malicious move, dubbed by some researchers as...

AI score 7.2
Exploits: 0 | References: 4
Malwarebytes
added 2018/07/16 3:00 p.m. | 52 views

A week in security (July 9 – July 15)

Last week, we talked about domestic abuse fuelled by IoT, doing threat intel programs right, blocking ICO fraud, and man-in-the-middle attacks. We also explained why we block shady ad blockers and provided tips to online shoppers for Prime Day. Other news: Reports revealed that low-end Android...

AI score 7.1
Exploits: 0
ThreatPost
added 2018/07/09 1:15 p.m. | 11 views

Newsmaker Interview: Patrick Wardle Talks Apple Malware Flubs and Successes

Patrick Wardle is the chief research officer at Digita Security and founder of Mac security company Objective-See. For years, the self-described “surfer from Hawaii” has been one of the most prolific and respected Mac malware-hunters, uncovering vulnerabilities affecting the macOS platform as wel...

AI score 7.7
Exploits: 0 | References: 5
Malwarebytes
added 2018/07/02 6:36 p.m. | 57 views

Mac malware targets cryptomining users

Last week, a security researcher named Remco Verhoef announced the discovery of a new piece of Mac malware being distributed on cryptomining chat groups. This malware was later further analyzed by Patrick Wardle, who gave it the rather appropriate moniker OSX.Dummy. The malware was being...

AI score 7.4
Exploits: 0