2014 and Mining - Information Management Today

Blue Mockingbird Monero-Mining campaign targets web apps

Security Affairs

MAY 10, 2020

Crooks exploit CVE-2019-18935 deserialization vulnerability to achieve remote code execution in Blue Mockingbird Monero-Mining campaign. “Blue Mockingbird is the name we’ve given to a cluster of similar activity we’ve observed involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems.”

Mining

Mining Libraries Access Encryption

Ngrok Mining Botnet

Security Affairs

SEPTEMBER 22, 2018

Additionally, the campaign is sophisticated in seeking to detect, analyse and neutralise other competing crypto-mining malware. I’ve been following the Monero mining pool address used in the Ngrok campaign and regularly checking for other research references on the internet. Introduction.

Mining

Mining Honeypots Security IT

Prometei, a new modular crypto-mining botnet exploits Windows SMB

Security Affairs

JULY 22, 2020

Prometei is a crypto-mining botnet that recently appeared in the threat landscape, it exploits the Microsoft Windows SMB protocol for lateral movements. Security experts from Cisco Talos discovered a new crypto-mining botnet, tracked as Prometei, that exploits the Microsoft Windows SMB protocol for lateral movements.

Mining

Mining File names Passwords Communications

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Employees abused systems at Ukrainian nuclear power plant to mine cryptocurrency

Security Affairs

AUGUST 23, 2019

The Ukrainian Secret Service is investigating the case of employees at a nuclear power plant that connected its system online to mine cryp tocurrency. On July 10, agents of the SBU raided the nuclear power plant and discovered the equipment used by the employees to mining cryptocurrency. ” reported ZDnet. Pierluigi Paganini.

Mining

Mining Military Security Access

CoinHive Cryptocurrency Mining Service will shut down on March 8, 2019

Security Affairs

FEBRUARY 28, 2019

The popular in-browser cryptocurrency mining service Coinhive has announced that it will shut down on March 8, 2019. Security firms spotted several hacking campaigns aimed at compromising websites to install JavaScript-based Monero (XMR) cryptocurrency mining scripts and monetize their efforts. Pierluigi Paganini. Pierluigi Paganini.

Mining

Mining Marketing Access Security

Israel surveillance firm NSO group can mine data from major social media

Security Affairs

JULY 19, 2019

The Israeli surveillance firm NSO Group informed its clients that it is able to scoop user data by mining from major social media. The Financial Times reported that the Israeli surveillance firm NSO Group informed its clients that it is able to mine user data from major social media. Pierluigi Paganini.

Mining

Mining Cloud Archiving Sales

Pacha Group declares war to rival crypto mining hacking groups

Security Affairs

MAY 12, 2019

Two hacking groups associated with large-scale crypto mining campaigns, Pacha Group and Rocke Group , wage war to compromise as much as possible cloud-based infrastructure. org is in this blacklist and it is known that Rocke Group has used this domain for their crypto-mining operations. ” continues the report. Pierluigi Paganini.

Mining

Mining Cloud Security IT

Google bans cryptocurrency mining apps from the official Play Store

Security Affairs

JULY 28, 2018

Google has updated the Play Store Developer Policy page to ban mobile mining apps that mine cryptocurrencies using the computational resources of the devices. “We don’t allow apps that mine cryptocurrency on devices,” reads the entry included in the policy. Securi ty Affairs – mining apps, Google).

Mining

Mining IT Security

New MrbMiner malware infected thousands of MSSQL DBs

Security Affairs

SEPTEMBER 16, 2020

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. Mining process.”

Mining

Mining Passwords Access Security

EVRAZ operations in North America disrupted by Ryuk ransomware

Security Affairs

MARCH 7, 2020

Computer systems at EVRAZ, a multinational vertically integrated steel making and mining company, have been hit by Ryuk ransomware. EVRAZ is one of the world’s largest multinational vertically integrated steel making and mining companies with headquarters in London. Pierluigi Paganini. SecurityAffairs – hacking, EVRAZ).

Ransomware

Ransomware Computer and Electronics Mining Manufacturing

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Security Affairs

FEBRUARY 18, 2021

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. 27, 2019 and already mined at least 209 Monero (XMR), valued to be around $32,056 USD. CVE-2014-3120 (Elasticsearch before 1.2) The WatchDog botnet has been active at least since Jan. x before 1.4.3)

Mining

Mining Cloud Access Security

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Security Affairs

AUGUST 11, 2018

Group-IB is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations. Group-IB, an international company specializing in the prevention of cyberattacks, is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations.

Mining

Mining Marketing IoT Compliance

New KryptoCibule Windows Trojan spreads via malicious torrents

Security Affairs

SEPTEMBER 2, 2020

The malware uses the victim’s resource to mine cryptocurrency, steals cryptocurrency wallet-related files, and replaces wallet addresses in the clipboard to hijack cryptocurrency payments. Both of these programs are set up to connect to an operator-controlled mining server over the Tor proxy.” ” reads the report.

Mining

Mining Communications IT Security

TeamTNT is the first cryptomining bot that steals AWS credentials

Security Affairs

AUGUST 18, 2020

The TeamTNT botnet is a crypto-mining malware operation that has been active since April and that targets Docker installs. “Over the weekend we’ve seen a crypto-mining worm spread that steals AWS credentials. Review network traffic for any connections to mining pools, or using the Stratum mining protocol.

Mining

Mining Security Access IT

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

The Last Watchdog

JUNE 20, 2018

On the face, the damage caused by cryptojacking may appear to be mostly limited to consumers and website publishers who are getting their computing resources diverted to mining fresh units of Monero, Ethereum and Bytecoin on behalf of leeching attackers. You can mine them, if you have a powerful CPU. Bilogorskiy.

Mining

Mining Cloud Ransomware Passwords

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Security Affairs

JULY 24, 2018

.” The binary establishes a connection to the C&C server, then scans processes running on the compromised device and attempts to kill any that are running the CoinHive script that could be mining Monero. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Mining

Mining IoT Blockchain Risk

Previously undetected VictoryGate Botnet already infected 35,000 devices

Security Affairs

APRIL 27, 2020

The VictoryGate bot propagates via infected USB devices, it was designed to mine Monero abusing resourced of compromised devices, it is also able to deliver additional payloads. The malware uses a stratum/XMRig proxy to hide the mining pool and terminates the mining process when the user opens Task Manager, to avoid to show the CPU usage.

Mining

Mining Communications IT Security

Doki, an undetectable Linux backdoor targets Docker Servers

Security Affairs

JULY 29, 2020

The ongoing Ngrok mining botnet campaign is targeting servers are hosted on popular cloud platforms, including Alibaba Cloud, Azure, and AWS. “ Ngrok Mining Botnet is an active campaign targeting exposed Docker servers in AWS, Azure, and other cloud platforms. .” ” continues the report. Pierluigi Paganini.

Blockchain

Blockchain Mining Cloud Communications

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Security Affairs

APRIL 1, 2020

Cybersecurity researchers spotted a crypto-mining botnet, tracked as Vollgar, that has been hijacking MSSQL servers since at least 2018. Researchers at Guardicore Labs discovered a crypto-mining botnet , tracked as Vollgar botnet , that is targeting MSSQL databases since 2018. ” conclude the experts. Pierluigi Paganini.

Mining

Mining Passwords Education Cybersecurity

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Security Affairs

FEBRUARY 15, 2019

“As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers. The mining script then gets activated and begins using the majority of the computer’s CPU cycles to mine Monero for the operators.” Pierluigi Paganini.

Mining

Mining Libraries Analytics Security

Other 3,700 MikroTik Routers compromised in cryptoJacking campaigns

Security Affairs

SEPTEMBER 10, 2018

Thousands of unpatched MikroTik Routers are involved in new cryptocurrency mining campaigns. Thousands of unpatched devices are mining for cryptocurrency at the moment. Now the researcher Troy Mursch noticed that the infected MikroTik routers from the latest campaign open a websockets tunnel to a web browser mining script.

Mining

Mining IoT Libraries Security

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

APRIL 6, 2020

Experts uncovered a hacking campaign that is breaching Docker clusters to deploy a new crypto-mining malware tracked as Kinsing. ” The Kinsing malware abuses the resources of the Docker installations to mine cryptocurrency, hackers exploit unprotected open Docker API port to instantiate an Ubuntu container. “The spre.

Mining

Mining Libraries Cloud Communications

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

Security Affairs

OCTOBER 14, 2018

Earlier August, experts uncovered a massive crypto jacking campaign that was targeting MikroTik routers to inject a Coinhive cryptocurrency mining script in the web traffic. In September thousands of unpatched MikroTik Routers were involved in new cryptocurrency mining campaigns. Pierluigi Paganini.

Mining

Mining Systems administration Security Access

Crooks spread malware via pirated movies during COVID-19 outbreak

Security Affairs

APRIL 30, 2020

The campaign primarily targets users in Spain and South American countries, aims to launch a coin-mining shellcode directly in memory. The in-memory DLL then injects a coin-mining code into notepad.exe through process hollowing. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Mining

Mining File names Risk Cybersecurity

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Security Affairs

JUNE 1, 2019

“The script then calls a Monero coin-mining binary, darwin (detected as PUA.Linux.XMRMiner.AA), to run in the background. As with all cryptocurrency miners, it uses the resources of the host system to mine cryptocurrency (Monero in this instance) without the owner’s knowledge.” ” continues the report.

Mining

Mining Honeypots Cloud Passwords

The City of Durham shut down its network after Ryuk Ransomware attack

Security Affairs

MARCH 8, 2020

A few days ago EVRAZ , one of the world’s largest multinational vertically integrated steel making and mining companies, has been hit by the Ryuk ransomware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Ransomware

Ransomware IT Computer and Electronics Mining

WatchBog cryptomining botnet now uses Pastebin for C2

Security Affairs

SEPTEMBER 13, 2019

A new cryptocurrency-mining botnet tracked as WatchBog is heavily using the Pastebin service for command and control (C&C) operations. Cisco Talos researchers discovered a new cryptocurrency -mining botnet tracked as WatchBog is heavily using the Pastebin service for command and control. ” continues Talos. Pierluigi Paganini.

Mining

Mining IT Security Information Security

Sopra Steria hit by the Ryuk ransomware gang

Security Affairs

OCTOBER 23, 2020

A few days before, EVRAZ , one of the world’s largest multinational vertically integrated steel making and mining companies, has been hit by the Ryuk ransomware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Ransomware

Ransomware Computer and Electronics Mining Manufacturing

New strain of Clipsa malware launches brute-force attacks on WordPress sites

Security Affairs

AUGUST 8, 2019

Avast spotted a new strain of Clipsa malware that is used to mine and steal cryptocurrencies along with carrying out brute-force attacks on WordPress sites. Clipsa is a malware that is well known to cyber security community is able to steal cryptocurrency via clipoard hijacking and mine cryptocurrency after installing a miner. .

Mining

Mining Passwords IT Security

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs

OCTOBER 28, 2018

Earlier this year Sysdig and Aqua Security researchers started observing cyber attacks targeting Kubernets and Docker instances aimed at mining Monero cryptocurrency. Miscreants can abuse Docker Engine API to deploy containers they have created with the specific intent of mining cryptocurrencies. Pierluigi Paganini.

Mining

Mining Systems administration Encryption Authentication

RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec

Security Affairs

JUNE 19, 2021

Experts attribute a series of cyber-espionage campaigns dating back to 2014, and focused on gathering military intelligence, to China-linked Unit 69010. Experts from Recorded Future’s Insikt Group linked a series of attacks, part of RedFoxtrot China-linked campaigns, to the PLA China-linked Unit 69010.

Military

Military Mining Government Communications

Romanian duo convicted of fraud Scheme infecting 400,000 computers

Security Affairs

APRIL 14, 2019

The two men also advertised fraud using email accounts created using the stolen credentials on behalf of the victims, mined cryptocurrency and stole money and cryptocurrency through credit card fraud. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The defendants would then steal account credentials.

Mining

Mining Marketing Security

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Security Affairs

MAY 4, 2020

“All traces of the crypto-mining virus were successfully eliminated yesterday, all systems remain stable, and we have not discovered any further concerns or issues on our network. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Mining

Mining Authentication Ransomware Access

Google is indexing the phone numbers of WhatsApp users raising privacy concerns

Security Affairs

JUNE 8, 2020

mining social media accounts where the victim use the same profile picture). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – Whatsapp, privacy).

Privacy

Privacy Mining Marketing Security

Black Kingdom ransomware operators exploit Pulse VPN flaws

Security Affairs

JUNE 15, 2020

and Italy hosting Android and cryptocurrency mining malware.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware

Ransomware Mining Encryption Access

Microsoft discovers cryptomining campaign targeting Kubeflow tool for Kubernetes clusters

Security Affairs

JUNE 11, 2020

” Hackers are targeting Kubernetes clusters because nodes used from ML operations have huge computational capabilies making them ideal for fraudulent mining purposes. This fact makes Kubernetes clusters that are used for ML tasks a perfect target for crypto mining campaigns, which was the aim of this attack.”

Mining

Mining Access Security IT

Linux Cryptocurrency miner leverages rootkit to avoid detection

Security Affairs

NOVEMBER 11, 2018

“We recently encountered a cryptocurrency-mining malware (detected by Trend Micro as Coinminer.Linux.KORKERDS.AB) affecting Linux systems,” reads the report published by TrendMicro. . “The rootkit component of the cryptocurrency-mining malware is a slightly modified/repurposed version of a publicly available code.

Mining

Mining IT Security

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Security Affairs

OCTOBER 18, 2020

The police also seized an extensive bitcoin mining operation in Bulgaria associated with QQAAZZ. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking, QQAAZZ cybercrime gang).

Mining

Mining IT Security Information Security

New NRSMiner cryptominer NSA-Linked EternalBlue Exploit

Security Affairs

JANUARY 4, 2019

The service creates multiple threads to carry out several malicious activities, such as data exfiltration and mining. The updated miner is injected into the svchost.exe to start crypto-mining, if the injection fails, the service writes the miner to %systemroot%system32TrustedHostex.exe and launches it. then it deletes itself.

Mining

Mining File names IT Access

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

NOVEMBER 26, 2019

The malicious code abuse of the resources of the infected machine to mine cryptocurrency , according to the experts it has already infected 80,000 computers worldwide. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

File names

File names Encryption Mining Security

New variant of Linux Botnet WatchBog adds BlueKeep scanner

Security Affairs

JULY 25, 2019

Experts at Intezer researchers have spotted a strain of the Linux mining that also scans the Internet for Windows RDP servers vulnerable to the Bluekeep. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. gooobb ” file.

Mining

Mining Encryption IT Security

New HEH botnet wipes devices potentially bricking them

Security Affairs

OCTOBER 7, 2020

Experts pointed out that the bot doesn’t contain any offensive features, such as the ability to launch DDoS attacks or to mine cryptocurrency, a circumstance that suggests the malware is under development. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the post. Pierluigi Paganini.

IoT

IoT Mining Communications IT

Access to over 3,000 compromised sites sold on Russian black marketplace MagBo

Security Affairs

SEPTEMBER 19, 2018

. “ Illicit access to compromised or backdoored sites and databases is used by criminals for a number of activities, ranging from spam campaigns, to fraud, or cryptocurrency mining.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the report.

Access

Access Mining Insurance Education

A backdoor mechanism found in tens of Ruby libraries

Security Affairs

AUGUST 20, 2019

The backdoor was used by attackers to inject mining code in Ruby projects using the malicious versions of the libraries. RubyGems maintainers discovered that the backdoor mechanism was used by threat actors to insert cryto -mining code in the projects using the malicious versions of the libraries. Pierluigi Paganini. SecurityAffairs –.

Libraries

Libraries Mining Passwords Authentication

Blue Mockingbird Monero-Mining campaign targets web apps

Ngrok Mining Botnet

Webinars

Trending Sources

Prometei, a new modular crypto-mining botnet exploits Windows SMB

Webinars

Employees abused systems at Ukrainian nuclear power plant to mine cryptocurrency

CoinHive Cryptocurrency Mining Service will shut down on March 8, 2019

Israel surveillance firm NSO group can mine data from major social media

Pacha Group declares war to rival crypto mining hacking groups

Google bans cryptocurrency mining apps from the official Play Store

New MrbMiner malware infected thousands of MSSQL DBs

EVRAZ operations in North America disrupted by Ryuk ransomware

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

New KryptoCibule Windows Trojan spreads via malicious torrents

TeamTNT is the first cryptomining bot that steals AWS credentials

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Previously undetected VictoryGate Botnet already infected 35,000 devices

Doki, an undetectable Linux backdoor targets Docker Servers

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Other 3,700 MikroTik Routers compromised in cryptoJacking campaigns

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

Crooks spread malware via pirated movies during COVID-19 outbreak

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

The City of Durham shut down its network after Ryuk Ransomware attack

WatchBog cryptomining botnet now uses Pastebin for C2

Sopra Steria hit by the Ryuk ransomware gang

New strain of Clipsa malware launches brute-force attacks on WordPress sites

Crooks continue to abuse exposed Docker APIs for Cryptojacking

RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec

Romanian duo convicted of fraud Scheme infecting 400,000 computers

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Google is indexing the phone numbers of WhatsApp users raising privacy concerns

Black Kingdom ransomware operators exploit Pulse VPN flaws

Microsoft discovers cryptomining campaign targeting Kubeflow tool for Kubernetes clusters

Linux Cryptocurrency miner leverages rootkit to avoid detection

QQAAZZ crime gang charged for laundering money stolen by malware gangs

New NRSMiner cryptominer NSA-Linked EternalBlue Exploit

Microsoft warns of Dexphot miner, an interesting polymorphic threat

New variant of Linux Botnet WatchBog adds BlueKeep scanner

New HEH botnet wipes devices potentially bricking them

Access to over 3,000 compromised sites sold on Russian black marketplace MagBo

A backdoor mechanism found in tens of Ruby libraries

Stay Connected