Crooks exploit CVE-2019-18935 deserialization vulnerability to achieve remote code execution in Blue Mockingbird Monero-Mining campaign. “Blue Mockingbird is the name we’ve given to a cluster of similar activity we’ve observed involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems.”
Experts warn of ongoing attacks targeting QNAP network-attached storage (NAS) devices to abuse them in cryptocurrency mining. ” reads the analysis published by 360 Netlab. The mining program is composed of unity_install.sh and Quick.tar.gz. The malware was designed to abuse NAS resources and mine cryptocurrency.
Additionally, the campaign is sophisticated in seeking to detect, analyse and neutralise other competing crypto-mining malware. I’ve been following the Monero mining pool address used in the Ngrok campaign and regularly checking for other research references on the internet. Whaler – attack types and analysis. Introduction.
Prometei is a crypto-mining botnet that recently appeared in the threat landscape; it exploits the Microsoft Windows SMB protocol for lateral movement. Security experts from Cisco Talos discovered a new crypto-mining botnet, tracked as Prometei, that exploits the Microsoft Windows SMB protocol for lateral movement.
Researchers Found Images on Docker Hub That Contained Cryptominers. A recently uncovered cryptomining scheme used malicious Docker images to hide cryptocurrency mining code, according to an analysis from Palo Alto Networks' Unit 42.
Two hacking groups associated with large-scale crypto-mining campaigns, Pacha Group and Rocke Group, wage war to compromise as much cloud-based infrastructure as possible. org is in this blacklist and it is known that Rocke Group has used this domain for their crypto-mining operations. ” continues the report. Pierluigi Paganini.
CrowdStrike researchers discovered the first-ever cryptocurrency mining campaign aimed at Dero mining since February 2023. ” reads the analysis published by CrowdStrike. The mining efforts by the pods are contributed back to a community pool, which distributes the reward (i.e., ” continues the report.
The energy and resources sector including utilities, oil and gas, chemicals, and metals & mining is one of the most hazardous in the world. safety procedures, job safety analysis, material safety data sheets, emergency response plans, operating instructions, and much more), summarization, and translation at the speed of light.
Evasion checks supported by the malicious code include detecting debuggers, verifying active processes, checking CPU core count, and scanning for malware analysis tools. The executable then downloads a text file containing XMRig configuration details to initiate mining activities. ” concludes the report.
A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. Mining process.”
Palo Alto Networks warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. The WatchDog botnet has been active at least since Jan. 27, 2019 and already mined at least 209 Monero (XMR), valued to be around $32,056 USD. Redis Spring Data Commons CVE-2018-1273, versions prior to 1.13-1.13.10,
Group-IB is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations. Group-IB, an international company specializing in the prevention of cyberattacks, is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations.
com) — is registered as a money service business (MSB) with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). The analysis also showed nearly all 56 exchanges used services from Cloudflare , a global content delivery network based in San Francisco. formerly certa-pay[.]com) su , grumbot[.]com ”
” reads the analysis published by Trend Micro. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The malware deploys the XMRig mining tool to mine Monero cryptocurrency.
The code decodes and retrieves a shell script (“unmi.sh”) from a remote server, in turn, it fetches a configuration file for the mining activity along with the CoinMiner file hosted on GitLab. This file outlines the cryptocurrency mining setting. ” reads the analysis published by Fortinet.
million) worth of cryptocurrencies via mining activities. An unnamed cloud service provider supported the investigation for months. “The suspect is believed to have mined over USD 2 million (EUR 1.8 million) in cryptocurrencies.”
” The Trend Micro researchers’ analysis shows a fairly typical command & control (C&C) malware infection process with many similarities to the Satori variant of the Mirai botnet. Analysis of the code indicates that it could be used as a distributed denial of service (DDoS) platform if enough devices are compromised.
Cybersecurity researchers spotted a crypto-mining botnet, tracked as Vollgar, that has been hijacking MSSQL servers since at least 2018. Researchers at Guardicore Labs discovered a crypto-mining botnet, tracked as Vollgar botnet, that has been targeting MSSQL databases since 2018. ” reads the analysis published by Guardicore.
The VictoryGate bot propagates via infected USB devices. It was designed to mine Monero by abusing the resources of compromised devices, and it is also able to deliver additional payloads. ” continues the analysis. The analysis of the sinkholing activities revealed that there are, on average, 2,000 devices mining throughout the day.
” reads the analysis published by Palo Alto Networks Unit42. “We believe PGMiner is the first cryptocurrency mining botnet that is delivered via PostgreSQL.” ” continues the analysis. ” concludes the analysis. ” The attack chain starts by randomly picking a public network range (e.g.,
” reads the analysis published by ReasonLabs. The resource contains information for the mining activity; the researchers identified a self-compiled version of the XMRig open-source miner containing information such as username, password, algorithm, and mining pool. mp4” format.
CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js.
. “These particular applications are targeted because they often run on systems that have powerful underlying hardware with significant amounts of memory and powerful CPUs—all of which allow threat actors to maximize their ability to monetize these resources through mining cryptocurrency.” ” continues the analysis.
Experts linked the C2 infrastructure behind the Abcbot botnet to a cryptocurrency-mining botnet attack that was uncovered in December 2020. Experts linked the infrastructure used by the Abcbot DDoS botnet to the operations of a cryptocurrency-mining botnet that was uncovered in December 2020.
” reads the analysis published by Symantec. “As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers. Then the mining script is activated and starts abusing device resources to mine Monero cryptocurrency.
” reads the analysis published by Microsoft. ” Talos researchers also updated the list of IOCs to include information about mining activity carried out by exploiting the CVE-2021-44228 flaw. The researchers spotted mining activity aimed at delivering the Kinsing crypto-miner. Pierluigi Paganini.
Sophos researchers who investigated the recently uncovered crypto-mining campaign targeting SQL servers with MrbMiner malware believe that it was conducted by an Iran-based company. ” continues the analysis.
The expert determined the amount of cryptocurrency that was mined to a mining pool account by inspecting the mining pool. Half of the images discovered by the expert were using a shared mining pool; he estimated that threat actors mined US$200,000 worth of cryptocurrencies in a two-year period.
The campaign primarily targets users in Spain and South American countries and aims to launch a coin-mining shellcode directly in memory. The in-memory DLL then injects coin-mining code into notepad.exe through process hollowing. .” reads the Tweet published by the Microsoft Security Intelligence team.
The Windows botnet has been active since late 2017; it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Recently, a new infection vector that cracks Windows machines through SMB password brute force is on the rise” reads the analysis published by AVAST. ” continues the report.
The bot also kills competing malware, including crypto mining and cloud-focused malware, on the same systems. ” reads the analysis published by the experts. ” concludes the analysis. “However, the code used to download the third payload appears to be commented-out.”
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0
” reads the analysis published by the expert. ” The malware was first spotted in February 2018 by researchers from Proofpoint when the bot was using the EternalBlue exploit to infect Windows computers and recruit them in Monero cryptocurrency mining activities. .” ” continues the analysis.
” reads the analysis published by Lumen Technologies. The analysis of the infections from mid-June to mid-July 2022 revealed that most of the bots are located in Europe, specifically Italy. ” continues the report. Other infections were observed in North and South America and Asia Pacific.
The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. Experts pointed out that even if the group is expanding its arsenal adding new capabilities, it still focuses on cryptocurrency mining. ” reads the analysis published by AT&T.
Even though data mining and text mining are often seen as complementary analytic processes that solve business problems through data analysis, they differ on the type of data they handle. appeared first on OpenText Blogs.
Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. ” reads the analysis published by Avast. The final stage of the Crackonosh attack chain is the installation of the coinminer XMRig to mine the Monero (XMR) cryptocurrency.
The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. ” states the analysis published by Palo Alto Networks. aws/credentials and ~/.aws/config Containers that ran xmr.sh
The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. CrowdStrike researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. ” reads the analysis published by CrowdStrike. ” concludes the report.
The malicious code abuses the resources of the infected machine to mine cryptocurrency; according to the experts, it has already infected 80,000 computers worldwide. ” reads the analysis published by Microsoft. For example, the MSI package used in the campaign contains different files” continues the analysis.
In our analysis, we found Pro-Ocean targeting Apache ActiveMQ (CVE-2016-3088), Oracle WebLogic (CVE-2017-10271) and Redis (unsecure instances).” ” reads the analysis published by Palo Alto Networks. ” continues the analysis. “Pro-Ocean uses known vulnerabilities to target cloud applications.
” reads the analysis published by F-Secure. ” continues the analysis. The service creates multiple threads to carry out several malicious activities, such as data exfiltration and mining. Further information, including IoCs, is reported in the analysis published by F-Secure. then it deletes itself.
” reads the analysis published by Trend Micro. The botnet is currently involved in cryptocurrency mining activity; it delivers the XMRig Monero (XMR) miner onto the infected machines. “We also discovered that most of the proxy servers used have open services with multiple vulnerabilities. for spreading.