
1027 matches found

GitHub Security Blog
added 2021/02/23 9:23 p.m. | 10 views

Backdoor / Malicious code

lita-coin 0.0.3 contains a backdoor mechanism that allows launching of hidden cryptocurrency mining operations inside the project. The code also contained a backdoor mechanism that allowed the attacker to send a cookie file back to a compromised project, and allow the attacker to execute maliciou...

9.8 CVSS | 2.8 AI score | 0.0355 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Gitee
added 2021/02/22 2:36 p.m. | 2 views

suricata-rules

It is an offensive tool for cryptocurrency mining. The repository contains rules for detecting DNS queries to public cryptocurrency mining pool domains. The rules are designed to identify queries to various mining pool domains, including pool.minergate.com, pool.minexmr.com, opmoner.com,...

7 AI score
Exploits: 0

Veracode
added 2021/02/04 5:38 a.m. | 9 views

Malicious Package

jquerry is a malicious package. The index.js file downloads and executes a crypto mining script. However, the script is not executed upon installation...

2 AI score
Exploits: 0

ThreatPost
added 2021/02/03 8:50 p.m. | 43 views

New Malware Hijacks Kubernetes Clusters to Mine Monero

Researchers have discovered never-before-seen malware, dubbed Hildegard, that is being used by the TeamTNT threat group to target Kubernetes clusters. While Hildegard, initially detected in January 2021, is initially being used to launch cryptojacking operations, researchers believe that the...

Exploits: 0 | References: 11

Node.js
added 2021/02/03 3:34 p.m. | 36 views

Malicious Package

Overview: All versions of jquerry contain malicious code. The index.js file appears to download and execute a crypto mining script. The file is not run upon installation - the package needs to be required or the index.js run manually. Recommendation: Any computer that has this package installed or...

7 AI score
Exploits: 0 | Affected Software: 1

Hacker One
added 2021/01/31 11:18 a.m. | 11 views

MTN Group: RXSS - http://macademy.mtnonline.com

The page located at http://macademy.mtnonline.com suffers from a Cross-site Scripting (XSS) vulnerability. XSS is a vulnerability that occurs when user input is unsafely incorporated into the HTML markup inside of a webpage. When not properly escaped an attacker can inject malicious JavaScript that...

0.4 AI score
Exploits: 0

ThreatPost
added 2021/01/27 9:43 p.m. | 25 views

TeamTNT Cloaks Malware With Open-Source Tool

The TeamTNT threat group has added a new detection-evasion tool to its arsenal, helping its cryptomining malware skirt by defense teams. The TeamTNT cybercrime group is known for cloud-based attacks, including targeting Amazon Web Services (AWS) credentials in order to break into the cloud and use ...

7.2 AI score
Exploits: 0 | References: 13

Akamai Blog
added 2021/01/27 5:0 a.m. | 13 views

When Destiny is Knocking on Your Door Again - Data Mining CDN Logs to Refine and Optimize Web Attack Detection

A few years ago, I wrote a blog post trying to explain, with humor, why choosing application security as a career path is destiny derived by my parents calling me "Or", and why a personal name that is a conditional word can sometimes be challenging in daily routines, since some attack payloads...

1.7 AI score
Exploits: 0

The Hacker News
added 2021/01/21 2:24 p.m. | 2 views

MrbMiner Crypto-Mining Malware Links to Iranian Software Company

A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server (MSSQL) databases has now been linked to a small software development company based in Iran. The attribution was made possible due to an operational security oversight, said researchers fro...

5.9 AI score
Exploits: 0

The Hacker News
added 2021/01/21 2:24 p.m. | 90 views

MrbMiner Crypto-Mining Malware Links to Iranian Software Company

A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server (MSSQL) databases has now been linked to a small software development company based in Iran. The attribution was made possible due to an operational security oversight, said researchers fro...

1.1 AI score
Exploits: 0

The Hacker News
added 2021/01/19 10:59 a.m. | 1 views

FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities

An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in network-attached storage (NAS) devices running on Linux systems to co-opt the machines into an IRC botnet for launching distributed denial-of-service (DDoS) attacks and mining Monero cryptocurrency. The attack...

10 CVSS | 7.5 AI score | 0.99783 EPSS
Exploits: 16

The Hacker News
added 2021/01/19 10:59 a.m. | 87 views

FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities

An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in network-attached storage (NAS) devices running on Linux systems to co-opt the machines into an IRC botnet for launching distributed denial-of-service (DDoS) attacks and mining Monero cryptocurrency. The attack...

10 CVSS | 0.99783 EPSS
Exploits: 16

Imperva Blog
added 2021/01/14 5:4 p.m. | 248 views

Python Cryptominer Botnet Quickly Adopts Latest Vulnerabilities

Over the last few days, Imperva researchers have monitored the emergence of a new botnet, one whose primary activity is performing different DDoS attacks and mining cryptocurrency. It also acts as a worm trying to extend its reach by scanning specific subnets and ports and using different remote...

10 CVSS | 0.2 AI score | 0.99783 EPSS
Exploits: 16

ThreatPost
added 2020/12/11 7:41 p.m. | 86 views

PGMiner, Innovative Monero-Mining Botnet, Surprises Researchers

An innovative Linux-based cryptocurrency mining botnet has been uncovered, which exploits a disputed PostgreSQL remote code-execution (RCE) vulnerability to compromise database servers. The malware is unusual and completely novel in a host of ways, researchers said. According to researchers at Palo...

9 CVSS | 7.5 AI score | 0.91877 EPSS
Exploits: 17 | References: 5

Talos Blog
added 2020/12/08 6:59 a.m. | 42 views

Xanthe - Docker aware miner

By Vanja Svajcer and Adam Pridgen, Cisco Incident Command. NEWS SUMMARY: Ransomware attacks and big-game hunting making the headlines, but adversaries use plenty of other methods to monetize their efforts in less intrusive ways. Cisco Talos recently discovered a cryptocurrency-mining botnet attack...

1.6 AI score
Exploits: 0

Malwarebytes
added 2020/12/02 8:53 p.m. | 79 views

The many ways you can be scammed on Facebook, part I

Scams can be found anywhere, and Facebook is no exception. And, with the holiday season just around the corner, and the world still weathering a pandemic, it pays to know what Facebook scams you, those close to you, and those you have professional relationships with could potentially encounter...

6.6 AI score
Exploits: 0

The Hacker News
added 2020/12/02 9:20 a.m. | 2 views

Multiple Botnets Exploiting Critical Oracle WebLogic Bug — PATCH NOW

Multiple botnets are targeting thousands of publicly exposed and still unpatched Oracle WebLogic servers to deploy crypto miners and steal sensitive information from infected systems. The attacks are taking aim at a recently patched WebLogic Server vulnerability, which was released by Oracle as...

10 CVSS | 7.8 AI score | 0.99997 EPSS
Exploits: 43

The Hacker News
added 2020/12/01 8:54 a.m. | 3 views

Nation-State Hackers Caught Hiding Espionage Activities Behind Crypto Miners

A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research. Attributing the shift to a threat actor tracked as Bismuth, Microsoft's Microsoft 365 Defender...

5.8 AI score
Exploits: 0

Microsoft Secure
added 2020/11/30 10:30 p.m. | 73 views

Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them

Cryptocurrency miners are typically associated with cybercriminal operations, not sophisticated nation state actor activity. They are not the most sophisticated type of threats, which also means that they are not among the most critical security issues that defenders address with urgency. Recent...

8.4 AI score
Exploits: 0

OSV
added 2020/11/25 2:15 a.m. | 12 views

CVE-2020-26240

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch estimated early January, 2021. This happened on the ETC chain on...

7.5 CVSS | 6.5 AI score
Exploits: 0 | References: 4