2019 and Mining - Information Management Today

CoinHive Cryptocurrency Mining Service will shut down on March 8, 2019

Security Affairs

FEBRUARY 28, 2019

The popular in-browser cryptocurrency mining service Coinhive has announced that it will shut down on March 8, 2019. Security firms spotted several hacking campaigns aimed at compromising websites to install JavaScript-based Monero (XMR) cryptocurrency mining scripts and monetize their efforts. Pierluigi Paganini.

Mining

Mining Marketing Access Security

Blue Mockingbird Monero-Mining campaign targets web apps

Security Affairs

MAY 10, 2020

Crooks exploit CVE-2019-18935 deserialization vulnerability to achieve remote code execution in Blue Mockingbird Monero-Mining campaign. “Blue Mockingbird is the name we’ve given to a cluster of similar activity we’ve observed involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems.”

Mining

Mining Libraries Access Encryption

Crypto Mining Service Coinhive to Call it Quits

Krebs on Security

FEBRUARY 27, 2019

com , a cryptocurrency mining service that has been heavily abused to force hacked Web sites to mine virtual currency. Coinhive took a whopping 30 percent of the cut of all Monero currency mined by its code, and this presented something of a conflict of interest when it came to stopping the rampant abuse of its platform.

Mining

Mining IT Blockchain Access

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

5 IoT Security Predictions for 2019

Security Affairs

DECEMBER 21, 2018

2018 was the year of the Internet of Things (IoT), massive attacks and various botnets hit smart devices, These are 5 IoT Security Predictions for 2019. 2019 will continue these trends but at a faster pace. Upcoming government standardization efforts will continue to increase substantially in 2019. About the author: Matt Burke.

IoT

IoT Security Manufacturing Privacy

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Security Affairs

FEBRUARY 18, 2021

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. 27, 2019 and already mined at least 209 Monero (XMR), valued to be around $32,056 USD. The WatchDog botnet has been active at least since Jan.

Mining

Mining Cloud Access Security

500M Avira Antivirus Users Introduced to Cryptomining

Krebs on Security

JANUARY 8, 2022

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. which was renamed to NortonLifeLock in 2019. Even with compatible hardware, mining cryptocurrencies on your own can be less rewarding.

Mining

Mining Privacy IT Security

Nitrokod crypto miner infected systems across 11 countries since 2019

Security Affairs

AUGUST 29, 2022

Once the malicious code is executed, the malware connects to the C2 server to get the XMRig crypto miner configuration and starts mining crypto currencies. The post Nitrokod crypto miner infected systems across 11 countries since 2019 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook.

Mining

Mining Security Information Security IT

Norton 360 Now Comes With a Cryptominer

Krebs on Security

JANUARY 6, 2022

Norton 360 , one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. which was renamed to NortonLifeLock in 2019 (LifeLock is now included in the Norton 360 service). However, many users have reported difficulty removing the mining program.

Mining

Mining Computer and Electronics Blockchain Marketing

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

Security Affairs

DECEMBER 13, 2020

In 2018, CVE-2019-9193 was linked to this feature, naming it as a “vulnerability.” “We believe PGMiner is the first cryptocurrency mining botnet that is delivered via PostgreSQL.” In 2019, a CVE-2019-9193 was assigned to this feature, naming it as a “vulnerability.”

Mining

Mining Passwords Authentication Access

WatchBog cryptomining botnet now uses Pastebin for C2

Security Affairs

SEPTEMBER 13, 2019

A new cryptocurrency-mining botnet tracked as WatchBog is heavily using the Pastebin service for command and control (C&C) operations. Cisco Talos researchers discovered a new cryptocurrency -mining botnet tracked as WatchBog is heavily using the Pastebin service for command and control. ” continues Talos.

Mining

Mining IT Security Information Security

A Cryptomining botnet abuses Bitcoin blockchain transactions as C2 backup mechanism

Security Affairs

FEBRUARY 24, 2021

Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that are abusing Bitcoin (BTC) transactions to implement a backup mechanism for C2. The operators of a long-running crypto-mining botnet campaign began creatively disguising their backup C2 IP address on the Bitcoin blockchain.”

Blockchain

Blockchain Mining Honeypots Security

Black Kingdom ransomware operators exploit Pulse VPN flaws

Security Affairs

JUNE 15, 2020

Researchers from security firm REDTEAM reported that operators behind the Black Kingdom ransomware are targeting enterprises exploiting the CVE-2019-11510 flaw in Pulse Secure VPN software to gain access to the network. The CVE-2019-11510 flaw in Pulse Connect Secure is a critical arbitrary file read vulnerability. reads the advisory.

Ransomware

Ransomware Mining Encryption Access

New variant of Linux Botnet WatchBog adds BlueKeep scanner

Security Affairs

JULY 25, 2019

Experts at Intezer researchers have spotted a strain of the Linux mining that also scans the Internet for Windows RDP servers vulnerable to the Bluekeep. ” The vulnerability , tracked as CVE-2019-0708, impacts the Windows Remote Desktop Services (RDS) and was addressed by Microsoft with May 2019 Patch Tuesday updates. .

Mining

Mining Encryption IT Security

Previously undetected VictoryGate Botnet already infected 35,000 devices

Security Affairs

APRIL 27, 2020

The VictoryGate botnet is active since at least May 2019, the botnet is more active in Latin America the most. The VictoryGate bot propagates via infected USB devices, it was designed to mine Monero abusing resourced of compromised devices, it is also able to deliver additional payloads.

Mining

Mining Communications IT Security

Two Estonian citizens arrested in $575M cryptocurrency fraud scheme

Security Affairs

NOVEMBER 22, 2022

“They induced victims to enter into fraudulent equipment rental contracts with the defendants’ cryptocurrency mining service called HashFlare. ” The defendants are accused to have defrauded the victims between December 2013 and August 2019, they operated with other co-conspirators residing in Estonia, Belarus, and Switzerland.

Mining

Mining Marketing IT Security

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Security Affairs

FEBRUARY 15, 2019

The removed apps are Fast-search Lite, Battery Optimizer (Tutorials), VPN Browsers+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile & Desktop Search. The mining script then gets activated and begins using the majority of the computer’s CPU cycles to mine Monero for the operators.”

Mining

Mining Libraries Analytics Security

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Security Affairs

JUNE 1, 2019

“The script then calls a Monero coin-mining binary, darwin (detected as PUA.Linux.XMRMiner.AA), to run in the background. As with all cryptocurrency miners, it uses the resources of the host system to mine cryptocurrency (Monero in this instance) without the owner’s knowledge.” link] — Caprico (@Suprn8) May 18, 2019.

Mining

Mining Honeypots Cloud Passwords

KashmirBlack, a new botnet in the threat landscape that rapidly grows

Security Affairs

OCTOBER 26, 2020

Security experts spotted a new botnet, tracked as KashmirBlack botnet, that likely infected hundreds of thousands of websites since November 2019. The KashmirBlack botnet has been active at least since November 2019, operators leverages dozens of known vulnerabilities in the target servers. .”

CMS

CMS Mining Communications Security

Crooks spread malware via pirated movies during COVID-19 outbreak

Security Affairs

APRIL 30, 2020

The campaign primarily targets users in Spain and South American countries, aims to launch a coin-mining shellcode directly in memory. The in-memory DLL then injects a coin-mining code into notepad.exe through process hollowing. .” reads the Tweet published by the Microsoft Security Intelligence team.

Mining

Mining File names Risk Cybersecurity

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. In April, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) previously warned of attacks carried out by APT groups targeting Fortinet FortiOS servers using multiple exploits.

Government

Government Mining Archiving Encryption

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. billion in 2019. In August 2019, the company said a third-party investigation into the exposure identified just 32 consumers whose non-public personal information likely was accessed without authorization. .

Insurance

Insurance Financial Services Mining Access

Lemon_Duck cryptomining botnet targets Docker servers

Security Affairs

APRIL 22, 2022

The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. Crowdstrikes researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. “The “a.asp” file is the actual payload in this attack. ” concludes the report.

Mining

Mining Access Cloud Cybersecurity

Coinbase suspended Ethereum Classic (ETC) trading after a successful 51% attack

Security Affairs

JANUARY 8, 2019

51% attack refers to an attack on a blockchain by a group of miners that controls over 50% of the network’s mining hashrate. “On 1/5/2019, Coinbase detected a deep chain reorganization of the Ethereum Classic blockchain that included a double spend. reads an update published by Coinbase on January 6, 2019.

Blockchain

Blockchain Mining IT Security

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

Security Affairs

JUNE 24, 2024

Over the past year, ExCobalt targeted Russian organizations in the the following industries: Metallurgy Telecommunications Mining Information technology Government Software development The Cobalt’s hallmark was the use of the CobInt tool , the same tool that ExCobalt began using in 2022.

File names

File names Communications Mining Archiving

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

JANUARY 31, 2021

The malware is an evolution of a Monero cryptocurrency miner that was first spotted by Unit 42 researchers in 2019. to mine Monero, unlike 2019 variant, it uses a Python infection script to implement “wormable” capabilities. “Pro-Ocean uses known vulnerabilities to target cloud applications. .

Cloud

Cloud Libraries Mining IT

MyKings botnet operators already amassed at least $24 million

Security Affairs

OCTOBER 13, 2021

Avast researchers reported that since 2019, MyKings operators have amassed at least $24 million in the Bitcoin, Ethereum, and Dogecoin. Avast Threat Labs researchers reported that the MyKings botnet (aka Smominru or DarkCloud) is still alive and is allowing its operators to earn huge amounts of money via cryptomining activities.

ROT

ROT Mining Encryption IT

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

The cybercrime organization was first spotted in April 2018 by researchers at Cisco Talos, earlier 2019 researchers from Palo Alto Networks Unit42 found new malware samples used by the Rocke group for cryptojacking that uninstalls from Linux servers cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud.

Mining

Mining Cloud Security IT

Expert released PoC for Outlook for Android flaw addressed by Microsoft

Security Affairs

JUNE 23, 2019

Microsoft has recently addressed an important vulnerability, tracked as CVE-2019-1105, in Outlook for Android, that potentially affected over 100 million users. This one is mine. link] — Bryan Appleby (@bryapp) June 22, 2019. “ the ability to embed an iframe into an email is already a vulnerability. Case went cold.

Mining

Mining Access Authentication Security

Lemon_Duck cryptomining malware evolves to target Linux devices

Security Affairs

AUGUST 28, 2020

The Lemon_Duck cryptomining malware was first spotted in June 2019 by researchers from Trend Micro while targeting enterprise networks. “This aspect of the campaign expands the mining operation to support computers running Linux. ” reads the post published by Sophos.

Mining

Mining Passwords Authentication Access

Highly evasive cryptocurrency miner targets macOS

Security Affairs

FEBRUARY 24, 2023

The malicious code uses i2p to download malicious components and send mined currency to the attacker’s wallet. The experts identified three generation of malware since August 2019. Today, many malicious applications continue to go undetected by most AV vendors.

Mining

Mining Passwords Communications Security

Security Affairs newsletter Round 203 – News of the week

Security Affairs

MARCH 3, 2019

CVE-2019-9019 affects British Airways Entertainment System on Boeing 777-36N(ER). Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild. CoinHive Cryptocurrency Mining Service will shut down on March 8, 2019. Cisco addressed CVE-2019-1663 RCE flaw in wireless routers. Kindle Edition. Paper Copy.

Security

Security Mining Ransomware Paper

Capital One Hacker indicted on federal charges for Wire Fraud and Computer Data Theft

Security Affairs

AUGUST 29, 2019

District Court in Seattle on September 5, 2019. According to the indictment, Paige THOMPSON created a scanning software that used to identify AWS customers who had misconfigured their firewalls, then the hacker accessed their servers to steal data, and to “mine” cryptocurrency. .” reads the press release published by DoJ.

Mining

Mining Cloud Data breaches Access

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

Oracle released the first critical patch advisory for 2019 that addresses a total of 284 vulnerabilities, 33 of them are rated “critical”. Let’s give a close look at some of the vulnerabilities fixed by this patch advisory. The CVE-2017-5645 flaw resides in the Codehaus versions of Groovy and affected OCA Unified Inventory Management.

Financial Services

Financial Services Libraries Mining Retail

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

NOVEMBER 18, 2020

In 2019, over 320 million users were registered with the MercadoLivre e-commerce platform. . bin, researchers also observed the use of a cryptocurrency mining module. . Chaes is written in several programming languages including Javascript, Vbscript,NET , Delphi and Node.js.

Phishing

Phishing Mining Libraries Encryption

French Police remotely disinfected 850,000 PCs from RETADUP bot

Security Affairs

AUGUST 28, 2019

— Gendarmerie nationale (@Gendarmerie) August 28, 2019. Since it was the C&C server’s responsibility to give mining jobs to the bots, none of the bots received any new mining jobs to execute after this takedown.” Une #PremièreMondiale ! ” continues Avast.

Mining

Mining Ransomware IT Security

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Security Affairs

JUNE 29, 2020

ESET researchers also said the attackers also attempt to exploit RDP connections to try to install coin-mining malware or create a backdoor. Between December 2019 and until February 2020, the experts observed a number of attacks between 70,000 and 40,000 on a daily basis.

Passwords

Passwords Authentication Mining Access

The Long Run of Shade Ransomware

Security Affairs

FEBRUARY 19, 2019

As stated in a recent Eset report , the Shade infection had an increase during October 2018, keeping a constant trend until the second half of December 2018, taking a break around Christmas, and then resuming in mid-January 2019 doubled in size (shown in Figure 1). Trend of malicious JavaScript downloading Shade ransomware (source: ESET).

Ransomware

Ransomware Mining File names Encryption

Ransomware, Trojan and Miner together against “PIK-Group”

Security Affairs

FEBRUARY 28, 2019

Nheqminer is a great implementation of equihash mining, mainly used on NiceHas but forked many times and todays is getting used for several spare projects as well. Exploring memory snapshots during its execution can be easy to figure out the miner runs over Zcash.Flypool server mining for the following wallet address. Attacker Wallet.

Ransomware

Ransomware Mining File names Encryption

Necro botnet now targets Visual Tools DVRs

Security Affairs

OCTOBER 12, 2021

The botnet appeared on the threat landscape in November 2020, the attacks aimed at compromising the target systems to create an IRC botnet, which can later be used to conduct several malicious activities, including DDoS attacks and crypto-mining campaigns. CVE-2019-12725 – Zeroshell 3.9.0. from visual-tools.com. P4410-V2-1.28

Mining

Mining IT Security IoT

DirtyMoe modules expand the bot using worm-like techniques

Security Affairs

MARCH 21, 2022

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Experts defined DirtyMoe as a complex malware that has been designed as a modular system. The executioner loads two modules, a Monero miner and a module for worming replication.

Passwords

Passwords Mining Risk IT

Mozi infections will slightly decrease but it will stay alive for some time to come

Security Affairs

SEPTEMBER 1, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. According to the researchers, in the last months of 2019, the botnet was mainly involved in DDoS attacks.

IT

IT IoT Mining Manufacturing

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

The loader observed by the researchers in the attacks is written in Golang and borrows the Ezuri code published on GitHub by the user guitmz in March 2019. .” reads the post published by AT&T’s Alien Labs. Experts noticed that the group also used the Ezuri loader that is similar to the original one. .

Encryption

Encryption Passwords Mining IT

Security Affairs newsletter Round 223 – News of the week

Security Affairs

JULY 21, 2019

SAP Patch Day – July 2019 addresses a critical flaw in Diagnostics Agent. CVE-2019-6342 flaw allows hackers to fully compromise Drupal 8.7.4 Israel surveillance firm NSO group can mine data from major social media. Paper Copy. Once again thank you! For nearly a year, Brazilian users have been targeted with router attacks.

Security

Security Mining Ransomware Data collection

Cryptomining Campaign involves Golang malware to target Linux servers

Security Affairs

JULY 5, 2019

” Attackers leverage well-known flaws to compromise target systems, including security issues in ThinkPHP (CVE-2019-9082 and CVE-unassigned) , Atlassian Confluence (CVE-2019-3396) , and the popular Drupalgeddon vulnerability (CVE-2018-7600). At the time of this writing, this operation had earned the attacker less than $2,000 USD.

Passwords

Passwords Archiving Mining Access

CoinHive Cryptocurrency Mining Service will shut down on March 8, 2019

Blue Mockingbird Monero-Mining campaign targets web apps

Webinars

Trending Sources

Crypto Mining Service Coinhive to Call it Quits

Webinars

5 IoT Security Predictions for 2019

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

500M Avira Antivirus Users Introduced to Cryptomining

Nitrokod crypto miner infected systems across 11 countries since 2019

Norton 360 Now Comes With a Cryptominer

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

WatchBog cryptomining botnet now uses Pastebin for C2

A Cryptomining botnet abuses Bitcoin blockchain transactions as C2 backup mechanism

Black Kingdom ransomware operators exploit Pulse VPN flaws

New variant of Linux Botnet WatchBog adds BlueKeep scanner

Previously undetected VictoryGate Botnet already infected 35,000 devices

Two Estonian citizens arrested in $575M cryptocurrency fraud scheme

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

KashmirBlack, a new botnet in the threat landscape that rapidly grows

Crooks spread malware via pirated movies during COVID-19 outbreak

APT hacked a US municipal government via an unpatched Fortinet VPN

NY Charges First American Financial for Massive Data Leak

Lemon_Duck cryptomining botnet targets Docker servers

Coinbase suspended Ethereum Classic (ETC) trading after a successful 51% attack

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

MyKings botnet operators already amassed at least $24 million

Chinese-speaking cybercrime gang Rocke changes tactics

Expert released PoC for Outlook for Android flaw addressed by Microsoft

Lemon_Duck cryptomining malware evolves to target Linux devices

Highly evasive cryptocurrency miner targets macOS

Security Affairs newsletter Round 203 – News of the week

Capital One Hacker indicted on federal charges for Wire Fraud and Computer Data Theft

Oracle critical patch advisory addresses 284 flaws, 33 critical

Phishing campaign targets LATAM e-commerce users with Chaes Malware

French Police remotely disinfected 850,000 PCs from RETADUP bot

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

The Long Run of Shade Ransomware

Ransomware, Trojan and Miner together against “PIK-Group”

Necro botnet now targets Visual Tools DVRs

DirtyMoe modules expand the bot using worm-like techniques

Mozi infections will slightly decrease but it will stay alive for some time to come

Ezuri memory loader used in Linux and Windows malware

Security Affairs newsletter Round 223 – News of the week

Cryptomining Campaign involves Golang malware to target Linux servers

Stay Connected