Crooks exploit CVE-2019-18935 deserialization vulnerability to achieve remote code execution in Blue Mockingbird Monero-Mining campaign. “Blue Mockingbird is the name we’ve given to a cluster of similar activity we’ve observed involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems.”
Experts warn of ongoing attacks targeting QNAP network-attached storage (NAS) devices to abuse them in cryptocurrency mining. ” reads the analysis published by 360 Netlab. The mining program is composed of unity_install.sh and Quick.tar.gz. The malware was designed to abuse NAS resources and mine cryptocurrency.
Specifically, it demonstrates a novel, dynamic and robust operational security model and the ability to detect and attack newly deployed and misconfigured infrastructure. Additionally, the campaign is sophisticated in seeking to detect, analyse and neutralise other competing crypto-mining malware. Whaler – attack types and analysis.
Prometei is a crypto-mining botnet that recently appeared in the threat landscape; it exploits the Microsoft Windows SMB protocol for lateral movement. Security experts from Cisco Talos discovered a new crypto-mining botnet, tracked as Prometei, that exploits the Microsoft Windows SMB protocol for lateral movement.
Two hacking groups associated with large-scale crypto mining campaigns, Pacha Group and Rocke Group, wage war to compromise as much cloud-based infrastructure as possible. org is in this blacklist and it is known that Rocke Group has used this domain for their crypto-mining operations. ” continues the report. Pierluigi Paganini.
CrowdStrike researchers discovered the first-ever cryptocurrency mining campaign aimed at Dero mining since February 2023. ” reads the analysis published by Crowdstrike. The mining efforts by the pods are contributed back to a community pool, which distributes the reward (i.e., ” continues the report.
A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. Mining process.”
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0
Palo Alto Networks warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows and Linux systems. The WatchDog botnet has been active at least since Jan.
Evasion checks supported by the malicious code include detecting debuggers, verifying active processes, checking CPU core count, and scanning for malware analysis tools. The executable then downloads a text file containing XMRig configuration details to initiate mining activities. ” concludes the report.
” reads the analysis published by Trend Micro. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. Pierluigi Paganini.
Group-IB is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations. Group-IB, an international company specializing in the prevention of cyberattacks, is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations.
million) worth of cryptocurrencies via mining activities. An unnamed cloud service provider supported the investigation for months. “The suspect is believed to have mined over USD 2 million (EUR 1.8 million) in cryptocurrencies.”
The code decodes and retrieves a shell script (“unmi.sh”) from a remote server; in turn, it fetches a configuration file for the mining activity along with the CoinMiner file hosted on GitLab. This file outlines the cryptocurrency mining setting. ” reads the analysis published by Fortinet.
The VictoryGate bot propagates via infected USB devices. It was designed to mine Monero by abusing the resources of compromised devices, and it is also able to deliver additional payloads. The security firm with the help of No-IP and the non-profit Shadowserver Foundation was able to take them all down. ” continues the analysis.
com) — is registered as a money service business (MSB) with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). The analysis also showed nearly all 56 exchanges used services from Cloudflare , a global content delivery network based in San Francisco. formerly certa-pay[.]com) su , grumbot[.]com ”
Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Patch it now!
Security researchers from Palo Alto Networks have discovered a new botnet, tracked as PgMiner, that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner. ” reads the analysis published by Palo Alto Networks Unit42. ” continues the analysis. ” concludes the analysis.
In an ideal world, all of the security controls are applied and all of the debugging tools are removed or disabled before the code is released to the public. ” These are very powerful functions for debugging tools, and also useful for executing malicious code without being trapped by the usual security controls.
CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js. Pierluigi Paganini.
. “These techniques include numerous modules that exploit implicit trust, weak passwords, and unauthenticated remote code execution (RCE) vulnerabilities in popular applications, including Secure Shell (SSH), IT administration tools, a variety of cloud-based applications, and databases.” ” continues the analysis.
Experts linked the C2 infrastructure behind the Abcbot botnet to a cryptocurrency-mining botnet attack that was uncovered in December 2020. Experts linked the infrastructure used by the Abcbot DDoS botnet to the operations of a cryptocurrency-mining botnet that was uncovered in December 2020. Pierluigi Paganini.
Cybersecurity researchers spotted a crypto-mining botnet, tracked as Vollgar, that has been hijacking MSSQL servers since at least 2018. Researchers at Guardicore Labs discovered a crypto-mining botnet, tracked as the Vollgar botnet, that has been targeting MSSQL databases since 2018. ” reads the analysis published by Guardicore.
Security researchers discovered a new botnet, named Abcbot, that focused on Chinese cloud hosting providers over the past months. In November, researchers from Qihoo 360’s Netlab security team spotted the Abcbot botnet that was targeting Linux systems to launch distributed denial-of-service (DDoS) attacks. Pierluigi Paganini.
Sophos researchers that investigated the recently uncovered crypto-mining campaign targeting SQL servers with MrbMiner malware believe that it was conducted by an Iran-based company. ” continues the analysis. Pierluigi Paganini.
Security experts at Symantec have discovered eight potentially unwanted applications (PUAs) in the Microsoft Store that were dropping cryptojacking Coinhive miners. ” reads the analysis published by Symantec. Then the mining script is activated and starts abusing device resources to mine Monero cryptocurrency.
” reads the analysis published by ReasonLabs. The resource contains information for the mining activity; the researchers identified a self-compiled version of the XMRig open-source miner containing information such as username, password, algorithm, and mining pool. mp4” format. Pierluigi Paganini.
— Microsoft Security Intelligence (@MsftSecIntel) April 28, 2020. ” reads the Tweet published by the Microsoft Security Intelligence team. The in-memory DLL then injects a coin-mining code into notepad.exe through process hollowing.
” reads the analysis published by Microsoft. ” Talos researchers also updated the list of IOCs to include information about mining activity carried out by exploiting the CVE-2021-44228 flaw. The researchers spotted mining activity aimed at delivering the Kinsing crypto-miner. Pierluigi Paganini.
” reads the analysis published by Trend Micro. “The script then calls a Monero coin-mining binary, darwin (detected as PUA.Linux.XMRMiner.AA), to run in the background. As with all cryptocurrency miners, it uses the resources of the host system to mine cryptocurrency (Monero in this instance) without the owner’s knowledge.”
Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. ” reads the analysis published by Avast. Adaware, Bitdefender, Escan, F-secure, Kaspersky, Mcafee (scanner only), Norton, Panda.
The Windows botnet has been active since late 2017; it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Recently, a new infection vector that cracks Windows machines through SMB password brute force is on the rise” reads the analysis published by AVAST. ” continues the report.
Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
The expert determined the number of cryptocurrencies that were mined to a mining pool account by inspecting the mining pool. Half of the images discovered by the expert were using a shared mining pool; he estimated that threat actors mined US$200,000 worth of cryptocurrencies in a two-year period.
The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. Experts pointed out that even if the group is expanding its arsenal adding new capabilities, it still focuses on cryptocurrency mining. ” reads the analysis published by AT&T.
Security experts at Microsoft analyzed a new strain of cryptocurrency miner tracked as Dexphot that has been active since at least October 2018. The malicious code abuses the resources of the infected machine to mine cryptocurrency; according to the experts, it has already infected 80,000 computers worldwide. Pierluigi Paganini.
” reads the analysis published by Lumen Technologies. The analysis of the infections from mid-June to mid-July 2022 revealed that most of the bots are located in Europe, specifically Italy. The post Go-based Chaos malware is rapidly growing targeting Windows, Linux and more appeared first on Security Affairs.
Black Kingdom ransomware operators are targeting organizations using unpatched Pulse Secure VPN software to deploy their malware. Black Kingdom ransomware was first spotted in late February by security researcher GrujaRS. The CVE-2019-11510 flaw in Pulse Connect Secure is a critical arbitrary file read vulnerability.
The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August experts from Cado Security discovered that the botnet is also able to target misconfigured Kubernetes installations.
Security researcher Tolijan Trajanovski (@tolisec) analyzed the multi-vector Miner+Tsunami Botnet that implements SSH lateral movement. A fellow security researcher, 0xrb, shared with me samples of a botnet that propagates using weblogic exploit. Excellent analysis of the previous version by AWAKE’s Patrick Olsen: [link].
” reads the analysis published by the expert. ” The malware was first spotted in February 2018 by researchers from Proofpoint when the bot was using the EternalBlue exploit to infect Windows computers and recruit them in Monero cryptocurrency mining activities. .” ” continues the analysis.
million, according to a report published by security researchers at Symantec. The bot focuses on cryptocurrency mining and cryptocurrency theft via clipboard hijacking. ” reads the analysis published by Symantec.