Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets,...

CVE-2017-20210

Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research...

CVE-2017-20210

Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research...

CVE-2017-20210 Photo Station

Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research...

CVE-2017-20210

This CVE concerns QNAP Photo Station. Affected software: Photo Station versions 5.4.1 and 5.2.7. Root cause: related to XMR mining programs; vendors indicate a security fix is included in these versions. Impact and exploitation details are not provided in the documents beyond the XMR-mining assoc...

CVE-2017-20210 Photo Station

Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research...

PT-2025-46316

Name of the Vulnerable Software and Affected Versions Photo Station versions prior to 5.4.1 Photo Station version 5.2.7 Description The software contains a security issue related to XMR mining programs. Internal research identified this issue, and versions 5.4.1 and 5.2.7 include a security fix...

QNAP Systems Photo Station 安全漏洞

QNAP Systems Photo Station is an online photo album from China-based QNAP Systems, Inc. It is used to organize multimedia content photos and videos on Qnap Nas. A security vulnerability exists in QNAP Systems Photo Station versions 5.4.1 and 5.2.7 that stems from a security issue related to the X...

EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub

A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Service AWS identity and access management IAM credentials within public GitHub repositories to facilitate cryptojacking activities. "As a result of this, the threat actor associated with the campaign was able to...

Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration

The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That's according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aime...

BitRAT Now Sharing Sensitive Bank Data as a Lure

Introduction In June of 2022 Qualys Threat Research Unit TRU wrote an in-depth report on Redline, a commercial off the shelf infostealer that spreads via fake cracked software hosted on Discord’s content delivery network. Since then, we have continued to track similar threats to identify their...

Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers

A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. "The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence...

Sysrv botnet is out to mine Monero on your Windows and Linux servers

In a Twitter thread, the Microsoft Security Intelligence team have revealed new information about the latest versions of the Sysrv botnet. The variant they focused on uses a range of known exploits for vulnerabilities in web apps and databases to install cryptocurrency miners on both Windows and...

Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud

LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign. "It runs an anonymous mining operation by the use of proxy pools, which hide the wallet addresses," CrowdStrike said in a new report. "It...

Golang Cryptomining Worm Offers 15% Speed Boost

A freshly discovered variant of the Golang crypto-worm was recently spotted dropping Monero-mining malware on victim machines; in a switch-up of tactics, the payload binaries are capable of speeding up the mining process by 15 percent, researchers said. According to research from Uptycs, the worm...

Old crypto malware makes come back, hits Windows, Linux devices

By Deeba Ahmed LemonDuck was first discovered in China in 2019 as a cryptocurrency botnet that used affected systems for Monero mining. This is a post from HackRead.com Read the original post: Old crypto malware makes come back, hits Windows, Linux devices...

Linux-Focused Cryptojacking Gang Tracked to Romania

A cryptojacking gang that’s likely based in Romania is using a never-before-seen SSH brute-forcer dubbed “Diicot brute” to crack passwords on Linux-based machines with weak passwords. The point of the campaign is mainly to deploy Monero mining malware, Bitdefender researchers said in a report...

Lemon Duck Cryptojacking Botnet Changes Up Tactics

The Lemon Duck cryptocurrency-mining botnet has added the ProxyLogon group of exploits to its bag of tricks, targeting Microsoft Exchange servers. That’s according to researchers at Cisco Talos, who said that the cybercrime group behind Lemon Duck has also added the Cobalt Strike attack framework...

Threat actors hijacking Bitbucket and Docker Hub for Monero mining

By Waqas According to researchers, both developer resources were also targeted last year for Monero mining but now the campaign has resurfaced. This is a post from HackRead.com Read the original post: Threat actors hijacking Bitbucket and Docker Hub for Monero mining...

suricata-rules

It is an offensive tool for cryptocurrency mining. The repository contains rules for detecting DNS queries to public cryptocurrency mining pool domains. The rules are designed to identify queries to various mining pool domains, including pool.minergate.com, pool.minexmr.com, opmoner.com,...