Threat actors are targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign. Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134 vulnerability. The gap is being abused for malicious cryptocurrency mining.
Researchers Say Users Paid Fees for Fake Mining Services. Google has removed eight fake crypto-mining apps from its Play Store, but security researchers have flagged 120 similar apps still available on the store, according to Trend Micro. Users paid for services the eight apps never delivered.
Researchers investigated cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs. Researchers from Trend Micro published a report that details cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs and the threat actors behind them.
Researchers from Trend Micro discovered that the TeamTNT botnet is now able to steal Docker API logins along with AWS credentials. Researchers from Trend Micro discovered that the TeamTNT botnet was improved and is now also able to steal Docker credentials. The malware deploys the XMRig mining tool to mine Monero cryptocurrency.
Illicit crypto mining is advancing apace. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Related article: Illicit crypto mining hits cloud services. LW: What’s going on in the wild that illustrates this trend? Cryptojacking was born.
Researchers from Trend Micro reported that about 50,000 IPs were compromised across multiple Kubernetes clusters in a cryptojacking campaign conducted by the TeamTNT group. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. aws/credentials and ~/.aws/config
Threat actors are actively exploiting a critical flaw in the Atlassian Confluence Data Center and Confluence Server in cryptocurrency mining campaigns. Trend Micro researchers observed this vulnerability being actively exploited for cryptomining activities, with a surge in exploitation attempts from mid-June to the end of July 2024.
and Australian governments, have been turning their visitors' computers into mining machines to harvest the virtual currency Monero. The security lapse continues the recent trend of cryptocurrency mining malware overtaking ransomware.
It only took one month from this warning until researchers at Trend Micro identified suspicious port scans on TCP port 5555. The Trend Micro researchers’ analysis shows a fairly typical command & control (C&C) malware infection process with many similarities to the Satori variant of the Mirai botnet.
According to Group-IB’s report findings, Asia is one of the most actively attacked regions in the world; the company presented the latest cybercrime trends. Cyber trends and threats that we identified in the world are likely to occur in Asia. Increasingly often, state-sponsored hackers are focusing on vulnerabilities in home routers.
Researchers from Trend Micro have spotted a new Linux botnet employing multiple emerging techniques among cyber-criminals, including the use of Tor proxies, the abuse of legitimate DevOps tools, and the removal or deactivation of competing malware. for spreading.
Trend Micro researchers have spotted crypto-mining campaigns that are actively exploiting a recently disclosed critical remote code execution vulnerability in Atlassian Confluence deployments across Windows and Linux. Pierluigi Paganini.
A new cryptojacking campaign was spotted by experts at Trend Micro; crooks are using Shodan to scan for Docker hosts with exposed APIs. “The script then calls a Monero coin-mining binary, darwin (detected as PUA.Linux.XMRMiner.AA), to run in the background.”
Trend Micro researchers reported that the EdgeRouter botnet, called Moobot, used by the APT28 group is still active and is also used by cyber criminal organizations. Trend Micro also discovered that at least two prominent cybercriminal groups and the Russia-linked APT group Pawn Storm used the botnet.
The TeamTNT botnet is a crypto-mining malware operation that has been active since April and that targets Docker installs. The activity of the TeamTNT group has been detailed by security firm Trend Micro, but the new feature was added only recently. It’s the first worm we’ve seen that contains such AWS specific functionality.
Cybercriminals continue to abuse unprotected Docker APIs to create new containers used for cryptojacking, Trend Micro warns. Earlier this year Sysdig and Aqua Security researchers started observing cyber attacks targeting Kubernetes and Docker instances aimed at mining Monero cryptocurrency.
An early version of the bot was initially documented in October by Trend Micro researchers. The bot also kills competing malware, including crypto mining and cloud-focused malware, on the same systems. The sample also downloads one of the additional ELF binary payloads observed by Trend Micro and saves it as “abchello”.
action in network access logs; presence of /setup/setupadministrator.action in an exception message in atlassian-confluence-security.log in the Confluence home directory. In September 2022, threat actors were observed targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign.
From July to September, researchers from Trend Micro observed a malicious DarkGate campaign abusing instant messaging platforms to deliver a VBA loader script to victims. “Moreover, the sample that abused Teams came from an unknown, external sender.”
Researchers spotted a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). In November 2022, Trend Micro researchers discovered a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). Gather operating system information.
Security experts from Trend Micro have discovered a new strain of coin miner that targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner.
Trend Micro Says It Moved Cranes Using RF Software Flaws. Radio controllers used in the construction, mining and shipping industries are dangerously vulnerable to hackers, Trend Micro says in a new report.
Trend Micro recently discovered an Android crypto-currency mining botnet that can spread via open ADB (Android Debug Bridge) ports and Secure Shell (SSH). Security researchers at Trend Micro have discovered a new Android crypto-currency mining botnet that spreads via open ADB (Android Debug Bridge) ports and Secure Shell (SSH).
Researchers from Trend Micro spotted a new cryptocurrency miner that leverages a rootkit component to hide its presence on the infected systems. “We recently encountered a cryptocurrency-mining malware (detected by Trend Micro as Coinminer.Linux.KORKERDS.AB) affecting Linux systems,” reads the report published by Trend Micro.
Experts linked the C2 infrastructure behind the Abcbot botnet to a cryptocurrency-mining botnet attack that was uncovered in December 2020. Experts linked the infrastructure used by the Abcbot DDoS botnet to the operations of a cryptocurrency-mining botnet that was uncovered in December 2020.
The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. Experts pointed out that even if the group is expanding its arsenal adding new capabilities, it still focuses on cryptocurrency mining. (Analysis published by AT&T.)
Early this year, researchers from Trend Micro discovered that the TeamTNT botnet was improved with the ability to steal Docker credentials. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. aws/credentials and ~/.aws/config
Trend Micro researchers are exploiting the recently disclosed vulnerabilities CVE-2024-27198 (CVSS score: 9.8) ” reads the report published by Trend Micro. In other instances analyzed by Trend Micro, threat actors deployed a variant of the open-source XMRig cryptocurrency-mining malware to vulnerable TeamCity servers.
Trend Micro researchers reported that TeamTNT hackers are targeting poorly configured Docker servers exposing Docker REST APIs as part of an ongoing campaign that started in October.
The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. CrowdStrike researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. “The “a.asp” file is the actual payload in this attack.”
Security experts at Trend Micro have discovered a new Monero cryptomining miner, dubbed BlackSquid, that is targeting web servers, network drives, and removable drives. “Simultaneous with its attacks, BlackSquid also downloads and executes two XMRig cryptocurrency-mining components.”
launching DDoS attacker, mining cryptocurrency, etc.). In the campaign observed by Trend Micro, the bot was deployed using the docker exec command to misconfigured containers. “Once an open port is identified, a connection asking for running containers is established.”
“Threat actors continued the speedy-time-from-disclosure-to-exploitation trend and were quick to leverage this new vulnerability — we observed exploit attempts targeting this PHP flaw on our honeypot network within 24 hours of its disclosure,” reported Akamai. The script also cleans up the temporary files for obfuscation.
Trend Micro researchers spotted over 200 Android apps on the Play Store distributing spyware called Facestealer used to steal sensitive data from infected devices. Trend Micro researchers also discovered 40 fake cryptocurrency miner apps that are variants of similar apps that they discovered in August 2021.
Trend Micro researchers spotted a Linux cryptocurrency miner, dubbed Skidmap, that leverages kernel-mode rootkits to evade detection. Skidmap is a new crypto-miner detected by Trend Micro that targets Linux machines; it uses kernel-mode rootkits to evade detection.
The Lemon_Duck cryptomining malware was first spotted in June 2019 by researchers from Trend Micro while targeting enterprise networks. “This aspect of the campaign expands the mining operation to support computers running Linux.” Upon infecting a device, the malware delivers an XMRig Monero (XMR) miner.
In September 2021, Trend Micro researchers spotted crypto-mining campaigns that were actively exploiting a recently disclosed critical remote code execution vulnerability in Atlassian Confluence deployments across Windows and Linux.
Researchers from Trend Micro have analyzed the communication protocols used by cranes and other industrial machines and discovered several flaws. Security experts from Trend Micro have discovered several vulnerabilities in the communication protocols used by cranes, hoists, drills and other industrial machines.
to mine Monero, unlike 2019 variant, it uses a Python infection script to implement “wormable” capabilities. “Cryptojacking malware targeting the cloud is evolving as attackers understand the potential of that environment to mine for crypto coins.” Pro-Ocean deploys an XMRig miner 5.11.1
Experts observed a spike in the activity of Beapy in March: Since the Coinhive cryptocurrency mining service shut down in March, experts observed a drop in cryptojacking attacks. Unlike Coinhive, Beapy is a file-based miner that must be installed by attackers on the victims’ machines in order to mine cryptocurrency.
bin, researchers also observed the use of a cryptocurrency mining module. Upon connecting to the command-and-control server, the malware downloads the first malicious payload in the form of a .msi file, which deploys a .vbs file used to execute other processes, as well as uninstall.dll and engine.bin.
As stated in a recent ESET report, the Shade infection had an increase during October 2018, keeping a constant trend until the second half of December 2018, taking a break around Christmas, and then resuming in mid-January 2019 doubled in size (shown in Figure 1). Trend of malicious JavaScript downloading Shade ransomware (source: ESET).