This Alleged Bitcoin Scam Looked a Lot Like a Pyramid Scheme
Five men face federal charges of bilking investors of $722 million by inviting them to buy shares in bitcoin mining pools...
Threat Analysis Unit (TAU) Threat Intelligence Notification: Skidmap
Hijacking machine resources and using them to mine for cryptocurrency continues to be an attractive and lucrative target for threat actors. As we’ve continued to see this type of attack used, we’ve also seen more platforms being targeted. Seeing cryptocurrency mining malware targeting Linux and...
Why DNS Visibility Matters in Education
My colleague in Spain recently wrote an informative article about DNS Protection and why it's a must-have security solution for any company. Building out on this topic, I would like to look specifically at the Education market and what the consequences can be if DNS Visibility is not taken...
Botnet found using YouTube to illegally mine cryptocurrency
By Sudais. This time again, hackers have been found mining a popular yet anonymized cryptocurrency. Read more to know what these hackers are up to... This is a post from HackRead.com.
Dexphot Malware Hijacks 80K+ Devices to Mine Cryptocurrency
Microsoft is warning of malware, Dexphot, that has infected more than 80,000 machines, sucking up their CPU power in order to mine cryptocurrency. Researchers first discovered Dexphot in October 2018 and saw its activity peak during July. They said that the malware has a complex attack chain and...
Insights from one year of tracking a polymorphic threat
A little over a year ago, in October 2018, our polymorphic outbreak monitoring system detected a large surge in reports, indicating that a large-scale campaign was unfolding. We observed as the new threat attempted to deploy files that changed every 20-30 minutes on thousands of devices. We gave...
NiceHash Miner Input Validation Error Vulnerability
NiceHash Miner is a mining software for Bitcoin. An input validation error vulnerability exists in NiceHash Miner versions prior to 2.0.3.0. The vulnerability stems from a network system or product that does not properly validate incoming data. No details of the vulnerability are provided at this...
CVE-2019-6121
An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary to gain access to a miner's information, such as his recent payments, unclaimed Balance, Old Balance (at the time of December 2017 breach), Projected payout, Mining stats like profitability...
The latest on BlueKeep and DejaBlue vulnerabilities — Using Firepower to defend against encrypted DejaBlue
Update 11/04/2019: There have been several public reports of active exploitation of CVE-2019-0708, commonly referred to as “BlueKeep.” Preliminary reports indicate that the vulnerability is being exploited by adversaries who are leveraging access to compromised systems to install cryptocurrency...
First Cyber Attack 'Mass Exploiting' BlueKeep RDP Flaw Spotted in the Wild
Cybersecurity researchers have spotted a new cyberattack that is believed to be the very first but an amateur attempt to weaponize the infamous BlueKeep RDP vulnerability in the wild to mass compromise vulnerable systems for cryptocurrency mining. In May this year, Microsoft released a patch for ...
Pockint - A Portable OSINT Swiss Army Knife For DFIR/OSINT Professionals
POCKINT a.k.a. Pocket Intelligence is the OSINT swiss army knife for DFIR/OSINT professionals. Designed to be a lightweight and portable GUI program to be carried within USBs or investigation VMs, it provides users with essential OSINT capabilities in a compact form factor: POCKINT's input box...
Malicious Package
comander is a malicious package. The package is a malware designed to take advantage of users making a mistake when typing the name of a module to install. Upon require, the package attempts to start a cryptocurrency miner using coin-hive...
Smominru Botnet Indiscriminately Hacked Over 90,000 Computers Just Last Month
Insecure Internet-connected devices have aided different types of cybercrime for years, most common being DDoS and spam campaigns. But cybercriminals have now shifted toward a profitable scheme where botnets do not just launch DDoS or spam—they mine cryptocurrencies as well. Smominru, an infamous...
Panda Threat Group Mines for Monero With Updated Payload, Targets
The Panda threat group, best known for launching the widespread and successful 2018 “MassMiner” cryptomining malware campaign, has continued to use malware to mine cryptocurrency in more recent attacks. A fresh analysis of the group reveals Panda has adopted a newly-updated infrastructure, payloa...
Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”
By Christopher Evans and David Liebenberg. Executive summary: A new threat actor named "Panda" has generated thousands of dollars worth of the Monero cryptocurrency through the use of remote access tools (RATs) and illicit cryptocurrency-mining malware. This is far from the most sophisticated actor...
Watchbog and the Importance of Patching
By Luke DuCharme and Paul Lee. What Happened? Cisco Incident Response (CSIRS) recently responded to an incident involving the Watchbog cryptomining botnet. The attackers were able to exploit CVE-2018-1000861 to gain a foothold and install the Watchbog malware on the affected systems. This Linux-bas...
PsiXBot Adds PornModule, Google DNS Service to Its Arsenal
The PsiXBot malware has made a few changes in recent weeks, including implementing Google’s DNS over HTTPS (DoH) and adding the blackmail-ready “PornModule” to its bag of tricks. PsiXBot is a multi-use Windows malware that has a range of capabilities, including keylogging, stealing passwords and...
A week in security (August 26 – September 1)
Last week on Malwarebytes Labs, we analysed the Android xHelper trojan, we wondered why the Nextdoor app would send out letters on behalf of their customers, reported about a study that explores the clickjacking problem across top Alexa-ranked websites, wondered how to get the board to invest in...