Mining and Tools - Information Management Today

Blue Mockingbird Monero-Mining campaign targets web apps

Security Affairs

MAY 10, 2020

Crooks exploit CVE-2019-18935 deserialization vulnerability to achieve remote code execution in Blue Mockingbird Monero-Mining campaign. “Blue Mockingbird is the name we’ve given to a cluster of similar activity we’ve observed involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems.”

Mining

Mining Libraries Access Encryption

Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign

Security Affairs

SEPTEMBER 22, 2022

Threat actors are targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign. Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134 vulnerability. in the collaboration tool Atlassian Confluence. .

Mining

Mining File names Ransomware Cloud

OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

Security Affairs

DECEMBER 13, 2023

Microsoft warns that threat actors are using OAuth applications cryptocurrency mining campaigns and phishing attacks. Threat actors are using OAuth applications such as an automation tool in cryptocurrency mining campaigns and other financially motivated attacks. ” states Microsoft.

Mining

Mining Phishing Passwords Access

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Prometei, a new modular crypto-mining botnet exploits Windows SMB

Security Affairs

JULY 22, 2020

Prometei is a crypto-mining botnet that recently appeared in the threat landscape, it exploits the Microsoft Windows SMB protocol for lateral movements. Security experts from Cisco Talos discovered a new crypto-mining botnet, tracked as Prometei, that exploits the Microsoft Windows SMB protocol for lateral movements.

Mining

Mining File names Passwords Communications

Monetizing Analytics Features: Why Data Visualizations Will Never Be Enough

Think your customers will pay more for data visualizations in your application? Five years ago they may have. But today, dashboards and visualizations have become table stakes. Discover which features will differentiate your application and maximize the ROI of your embedded analytics. Brought to you by Logi Analytics.

Analytics

Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM

Security Affairs

JULY 12, 2022

Researchers investigated cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs. Researchers from Trend Micro published a report that details cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs and the threat actors behind them. SecurityAffairs – hacking, cryptocurrency mining).

Mining

Mining Cloud IoT IT

A new Linux Botnet abuses IaC Tools to spread and other emerging techniques

Security Affairs

APRIL 23, 2021

A new Linux botnet uses Tor through a network of proxies using the Socks5 protocol, abuses legitimate DevOps tools, and other emerging techniques. This is the first bot that abuses the infrastructure-as-code (IaC) tools , such as Ansible , Chef , and Salt Stack. for spreading. Follow me on Twitter: @securityaffairs and Facebook.

Mining

Mining File names Security IT

TeamTNT group adds new detection evasion tool to its Linux miner

Security Affairs

JANUARY 28, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. “The group is using a new detection evasion tool, copied from open source repositories,” reads the analysis published by AT&T Alien Labs. . Drop and activate the new tool as service.

Libraries

Libraries IT Mining Security

Israel surveillance firm NSO group can mine data from major social media

Security Affairs

JULY 19, 2019

The Israeli surveillance firm NSO Group informed its clients that it is able to scoop user data by mining from major social media. The Financial Times reported that the Israeli surveillance firm NSO Group informed its clients that it is able to mine user data from major social media. Pierluigi Paganini.

Mining

Mining Cloud Archiving Sales

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Security Affairs

JULY 24, 2018

It is common for developers to use debugging tools with elevated privileges while they are trying to troubleshoot their code. In an ideal world, all of the security controls are applied and all of the debugging tools are removed or disabled before the code is released to the public. Security Affairs – debugging tools , hacking).

Mining

Mining IoT Blockchain Risk

Free Tool: Honey Feed

Security Affairs

FEBRUARY 18, 2019

Cybersecurity expert Marco Ramilli shared another tool of his arsenal that extracts suspicious IPs from undesired connections, his HoneyPots. Hi folks, today I’d like to point you out another tool of mine which extracts suspicious IPs from undesired connections. In other words: HoneyPots. Edited by Pierluigi Paganini.

Honeypots

Honeypots Computer and Electronics Mining Cybersecurity

Necro botnet now targets Visual Tools DVRs

Security Affairs

OCTOBER 12, 2021

The FreakOut (aka Necro, N3Cr0m0rPh) Python botnet evolves, it now includes a recently published PoC exploit for Visual Tools DVR. Operators behind the FreakOut (aka Necro, N3Cr0m0rPh) Python botnet have added a PoC exploit for Visual Tools DVR, a professional digital video recorder used in surveillance video systems.

Mining

Mining IT Security IoT

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

Security Affairs

JANUARY 10, 2025

” The email tricks recipients by claiming they have been selected for a junior developer role and must join a recruitment call by downloading a CRM tool via an embedded link. The executable then downloads a text file containing XMRig configuration details to initiate mining activities. ” concludes the report.

Phishing

Phishing Mining Authentication Communications

Microsoft discovers cryptomining campaign targeting Kubeflow tool for Kubernetes clusters

Security Affairs

JUNE 11, 2020

” Hackers are targeting Kubernetes clusters because nodes used from ML operations have huge computational capabilies making them ideal for fraudulent mining purposes. This fact makes Kubernetes clusters that are used for ML tasks a perfect target for crypto mining campaigns, which was the aim of this attack.”

Mining

Mining Access Security IT

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Security Affairs

AUGUST 11, 2018

Group-IB is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations. Group-IB, an international company specializing in the prevention of cyberattacks, is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations.

Mining

Mining Marketing IoT Compliance

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

The Last Watchdog

JUNE 20, 2018

On the face, the damage caused by cryptojacking may appear to be mostly limited to consumers and website publishers who are getting their computing resources diverted to mining fresh units of Monero, Ethereum and Bytecoin on behalf of leeching attackers. You can mine them, if you have a powerful CPU. Bilogorskiy.

Mining

Mining Cloud Ransomware Passwords

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Security Affairs

SEPTEMBER 9, 2021

The financially motivated TeamTNT hacking group expanded its arsenal with new tools used to target thousands of victims worldwide. Evidence collected by the experts suggests that the campaign began on July 25, 2021, threat actors used a large set of open-source tools in the attacks. ” reads the analysis published by AT&T.

Mining

Mining IT Cloud Security

TeamTNT botnet now steals Docker API and AWS credentials

Security Affairs

JANUARY 10, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. Upon infecting Docker and Kubernetes systems running on top of AWS servers, the bot scans for ~/.aws/credentials

Mining

Mining Metadata Authentication Security

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

Security Affairs

MAY 26, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. Executes the script to start mining for the Monero cryptocurrency. aws/credentials and ~/.aws/config

Mining

Mining Cloud Security IT

New KryptoCibule Windows Trojan spreads via malicious torrents

Security Affairs

SEPTEMBER 2, 2020

The malware uses the victim’s resource to mine cryptocurrency, steals cryptocurrency wallet-related files, and replaces wallet addresses in the clipboard to hijack cryptocurrency payments. Both of these programs are set up to connect to an operator-controlled mining server over the Tor proxy.” ” reads the report.

Mining

Mining Communications IT Security

Mastermind behind 1.8 million cryptojacking scheme arrested in Ukraine

Security Affairs

JANUARY 14, 2024

million) worth of cryptocurrencies via mining activities. “The suspect is believed to have mined over USD 2 million (EUR 1.8 ” An unnamed cloud service provider supported the investigation for months. “The suspect is believed to have mined over USD 2 million (EUR 1.8 million) in cryptocurrencies.”

Mining

Mining Cloud Access Authentication

New Attack Campaign Targets Poorly Managed Linux SSH Servers

Data Breach Today

DECEMBER 27, 2023

Wave of Attacks Affects ShellBot, Tsunami, ChinaZ DDoS Bot and XMRig CoinMiner Hackers are targeting Linux Secure Shell servers to install tools for port scanning and dictionary attacks to compromise other vulnerable servers, forming a network for cryptocurrency mining and distributed denial-of-service attacks, say researchers at AhnLab Security Emergency (..)

Mining

Mining Security

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Security Affairs

APRIL 1, 2020

Cybersecurity researchers spotted a crypto-mining botnet, tracked as Vollgar, that has been hijacking MSSQL servers since at least 2018. Researchers at Guardicore Labs discovered a crypto-mining botnet , tracked as Vollgar botnet , that is targeting MSSQL databases since 2018.

Mining

Mining Passwords Education Cybersecurity

Large-scale cryptomining campaign is targeting the NPM JavaScript package repository

Security Affairs

JULY 7, 2022

Researchers uncovered a large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. Checkmarx researchers spotted a new large-scale cryptocurrency mining campaign, tracked as CuteBoi , that is targeting the NPM JavaScript package repository.

Mining

Mining Security IT Information Security

Threat actors exploit Atlassian Confluence bug in cryptomining campaigns

Security Affairs

AUGUST 30, 2024

Threat actors are actively exploiting a critical flaw in the Atlassian Confluence Data Center and Confluence Server in cryptocurrency mining campaigns. A second threat actor used a shell script to execute cryptocurrency mining activities across all accessible endpoints in the customer environment using Secure Shell (SSH).

Mining

Mining Cloud Risk Security

TeamTNT is the first cryptomining bot that steals AWS credentials

Security Affairs

AUGUST 18, 2020

The TeamTNT botnet is a crypto-mining malware operation that has been active since April and that targets Docker installs. “Over the weekend we’ve seen a crypto-mining worm spread that steals AWS credentials. Review network traffic for any connections to mining pools, or using the Stratum mining protocol.

Mining

Mining Security Access IT

A Cryptomining botnet abuses Bitcoin blockchain transactions as C2 backup mechanism

Security Affairs

FEBRUARY 24, 2021

Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that are abusing Bitcoin (BTC) transactions to implement a backup mechanism for C2. The operators of a long-running crypto-mining botnet campaign began creatively disguising their backup C2 IP address on the Bitcoin blockchain.”

Blockchain

Blockchain Mining Honeypots Security

Cryptomining DreamBus botnet targets Linux servers

Security Affairs

JANUARY 25, 2021

. “These techniques include numerous modules that exploit implicit trust, weak passwords, and unauthenticated remote code execution (RCE) vulnerabilities in popular applications, including Secure Shell (SSH), IT administration tools, a variety of cloud-based applications, and databases.” Ransomware, data theft).

Mining

Mining Passwords Communications Ransomware

30 Docker images downloaded 20M times in cryptojacking attacks

Security Affairs

MARCH 30, 2021

The expert determined the number of cryptocurrencies that were mined to a mining pool account by inspecting the mining pool. Half of the images discovered by the expert were using a shared mining pool, by he estimated that threat actors mined US$200,000 worth of cryptocurrencies in a two-year period.

Mining

Mining Libraries Cloud Security

Other 3,700 MikroTik Routers compromised in cryptoJacking campaigns

Security Affairs

SEPTEMBER 10, 2018

Thousands of unpatched MikroTik Routers are involved in new cryptocurrency mining campaigns. Thousands of unpatched devices are mining for cryptocurrency at the moment. Now the researcher Troy Mursch noticed that the infected MikroTik routers from the latest campaign open a websockets tunnel to a web browser mining script.

Mining

Mining IoT Libraries Security

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Security Affairs

FEBRUARY 15, 2019

“As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers. The mining script then gets activated and begins using the majority of the computer’s CPU cycles to mine Monero for the operators.”

Mining

Mining Libraries Analytics Security

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Security Affairs

FEBRUARY 5, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. Upon infecting Docker and Kubernetes systems running on top of AWS servers, the bot scans for ~/.aws/credentials

Mining

Mining Libraries Encryption Access

Log4Shell was in the wild at least nine days before public disclosure

Security Affairs

DECEMBER 13, 2021

.” Talos researchers also updated the list of IOCs to include information about mining activity carried out by exploiting the CVE-2021-44228 flaw. The researchers spotted mining activity aimed at delivering of the Kinsing crypto-miner.

Mining

Mining Honeypots Libraries IT

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

Security Affairs

JUNE 24, 2024

Over the past year, ExCobalt targeted Russian organizations in the the following industries: Metallurgy Telecommunications Mining Information technology Government Software development The Cobalt’s hallmark was the use of the CobInt tool , the same tool that ExCobalt began using in 2022. ” concludes the report.

File names

File names Communications Mining Archiving

Linux Cryptocurrency miner leverages rootkit to avoid detection

Security Affairs

NOVEMBER 11, 2018

. “We recently encountered a cryptocurrency-mining malware (detected by Trend Micro as Coinminer.Linux.KORKERDS.AB) affecting Linux systems,” reads the report published by TrendMicro. . “The rootkit component of the cryptocurrency-mining malware is a slightly modified/repurposed version of a publicly available code.

Mining

Mining IT Security

Cryptomining campaign targets Linux systems with Go-based CHAOS Malware

Security Affairs

DECEMBER 12, 2022

Researchers spotted a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). In November 2022, Trend Micro researchers discovered a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). Shutdown the PC. Open a URL.

Mining

Mining Cloud Security IT

Crooks spread malware via pirated movies during COVID-19 outbreak

Security Affairs

APRIL 30, 2020

The campaign primarily targets users in Spain and South American countries, aims to launch a coin-mining shellcode directly in memory. The in-memory DLL then injects a coin-mining code into notepad.exe through process hollowing. .” reads the Tweet published by the Microsoft Security Intelligence team.

Mining

Mining File names Risk Cybersecurity

Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign

Security Affairs

SEPTEMBER 22, 2022

Redis, is a popular open source data structure tool that can be used as an in-memory distributed database, message broker or cache. The tool is not designed to be exposed on the Internet, however, researchers spotted tens thousands Redis instance publicly accessible without authentication. SecurityAffairs – hacking, mining).

Mining

Mining Data structuring Business Services Encryption

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

The tools associated with this attack are: • Mimikatz (credential theft) • MinerGate (crypto mining) • WinPEAS (privilege escalation) • SharpWMI (Windows Management Instrumentation) • BitLocker activation when not anticipated (data encryption) • WinRAR where not expected (archiving) • FileZilla where not expected (file transfer).

Government

Government Mining Archiving Encryption

A new version of the Abcbot bot targets Chinese cloud providers

Security Affairs

DECEMBER 21, 2021

The bot also kills competing malware, including crypto mining and cloud-focused malware, on the same systems. Upon execution, the shell script calls a number of functions sequentially, the first one named nameservercheck disables SELinux protections and creates a backdoor. ” concludes the analysis.

Cloud

Cloud Mining Access Security

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

The Ezuri memory loader tool allows to load and execute a payload directly into the memory of the infected machine, without writing any file to disk. In case, the password is not provided, the tool generates one. Experts pointed out that while this technique common in Windows malware, it is rare in Linux attacks.

Encryption

Encryption Passwords Mining IT

Updated macOS Cryptominer Uses Fresh Evasion Techniques

Data Breach Today

JANUARY 12, 2021

Researchers: OSAMiner Uses Run-Only AppleScripts for Obfuscation Sentinel Labs researchers have identified an updated version of the cryptominer OSAMiner that targets the macOS operating system to mine for monero. The latest iteration uses new techniques to help prevent detection by security tools.

Mining

Mining Security

Targeted operation against Ukraine exploited 7-year-old MS Office bug

Security Affairs

APRIL 28, 2024

It’s a PPSX file, seemingly an outdated US Army manual for tank mine clearing blades (MCB). The payload includes a dynamic-link library (vpn.sessings) that injects the post-exploitation tool Cobalt Strike Beacon into memory and awaits commands from the C2 server. The PPSX file contains a remote link to an external OLE object.

Military

Military Mining Libraries Security

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs

OCTOBER 28, 2018

Earlier this year Sysdig and Aqua Security researchers started observing cyber attacks targeting Kubernets and Docker instances aimed at mining Monero cryptocurrency. Miscreants can abuse Docker Engine API to deploy containers they have created with the specific intent of mining cryptocurrencies. Docker Trusted Registry ).

Mining

Mining Systems administration Encryption Authentication

Blue Mockingbird Monero-Mining campaign targets web apps

Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign

Webinars

Trending Sources

OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

Webinars

Prometei, a new modular crypto-mining botnet exploits Windows SMB

Monetizing Analytics Features: Why Data Visualizations Will Never Be Enough

Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM

A new Linux Botnet abuses IaC Tools to spread and other emerging techniques

TeamTNT group adds new detection evasion tool to its Linux miner

Israel surveillance firm NSO group can mine data from major social media

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Free Tool: Honey Feed

Necro botnet now targets Visual Tools DVRs

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

Microsoft discovers cryptomining campaign targeting Kubeflow tool for Kubernetes clusters

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

TeamTNT botnet now steals Docker API and AWS credentials

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

New KryptoCibule Windows Trojan spreads via malicious torrents

Mastermind behind 1.8 million cryptojacking scheme arrested in Ukraine

New Attack Campaign Targets Poorly Managed Linux SSH Servers

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Large-scale cryptomining campaign is targeting the NPM JavaScript package repository

Threat actors exploit Atlassian Confluence bug in cryptomining campaigns

TeamTNT is the first cryptomining bot that steals AWS credentials

A Cryptomining botnet abuses Bitcoin blockchain transactions as C2 backup mechanism

Cryptomining DreamBus botnet targets Linux servers

30 Docker images downloaded 20M times in cryptojacking attacks

Other 3,700 MikroTik Routers compromised in cryptoJacking campaigns

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Log4Shell was in the wild at least nine days before public disclosure

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

Linux Cryptocurrency miner leverages rootkit to avoid detection

Cryptomining campaign targets Linux systems with Go-based CHAOS Malware

Crooks spread malware via pirated movies during COVID-19 outbreak

Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign

APT hacked a US municipal government via an unpatched Fortinet VPN

A new version of the Abcbot bot targets Chinese cloud providers

Ezuri memory loader used in Linux and Windows malware

Updated macOS Cryptominer Uses Fresh Evasion Techniques

Targeted operation against Ukraine exploited 7-year-old MS Office bug

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Stay Connected