Monday, February 18, 2019
Tag: malware

Fake MetaMask Crypto Malware Pulled From Google Play After Tip-Off

An app masquerading as DApp MetaMask contained malware that aimed to steal coins by replacing wallet addresses. Decentralized app (DApp) MetaMask is facing fresh problems from cryptocurrency scammers after malware impersonating the tool appeared on Google Play, cybersecurity company Eset reported Feb. 8. The malware, which replaces computer clipboard information in an attempt to steal cryptocurrency, was removed by Google at the beginning of the month after a tip-off from Eset researchers. Known as a ‘Clipper,’ the malware replaces copied cryptocurrency wallet addresses with an address belonging to an attacker in the hope funds will be sent elsewhere without the user noticing. The discovery marked the first time such malware had made it past Google’s vetting procedures, the security firm notes. “The clipper we found lurking in the Google Play store, detected by ESET security solutions as Android/Clipper.C, impersonates a legitimate service called MetaMask,” Eset explained, continuing:..

New Instance of Monero Malware Sees Cryptojackers Target Linux Users

The modified Shellbot trojan is thought to have originated from a Romanian hacker collective. More cryptocurrency mining malware continues to target major corporations, hijacking victims to mine altcoin Monero (XMR), new research warned on Feb. 5. Findings from the Special Ops team at United States cybersecurity company JASK reveal a modified version of trojan Shellbot has become increasingly prevalent since its debut in November last year. The perpetrators, the company says, appear to be a Romanian hacker group known as Outlaw, a translation of the Romanian word “haiduc,” which also lends its name to one of the payloads the malware installs. “The toolkit observed [...] in use by the attacker contains three primary components: IRC (Internet Relay Chat) botware for Command and Control (C2), a revenue stream via Monero mining, and a popular scan and brute force tool, haiduc,” JASK confirmed. The latest threat specifically targets users of devices running Linux. In mid-January, research ..

CookieMiner Malware Tries to Hack Mac Users’ Cryptocurrency Exchange Accounts, Report

The malware seeks to bypass multi-factor authentication by stealing a range of data, says Palo Alto Networks. A new form of malware steals cookies from cryptocurrency exchanges and other data in an attempt to hack user accounts, cybersecurity research team Palo Alto Networks reported on Jan. 31. CookieMiner, a progression of OSX.DarthMiner, is malware that targets Mac users, stealing saved Google Chrome passwords, iPhone SMS messages and iTunes backups on tethered machines and more. Along with the cookies, the goal of the malware is to gain access to cryptocurrency exchange accounts. According to Palo Alto, the hackers assume a combination of the stolen data would allow them to bypass the multi-layer authentication that many exchange users set up to provide additional security. “If successful, the attackers would have full access to the victim’s exchange account and/or wallet and be able to use those funds as if they were the user themselves,” the firm summarized. As its name suggests, t..

Linux-Targeting Cryptojacking Malware Disables Cloud-Based Security Measures: Report

A new cryptojacking malware reportedly has the ability to disable cloud-based security measures to avoid detection on Linux-based servers. A new cryptojacking malware has the ability to disable cloud-based security measures to avoid detection on Linux servers, research by information security company Palo Alto Networks Jan. 17 reveals. The malware in question mines Monero (XMR) and is reportedly a modified version of one used by the so-called “Rocke” group, originally discovered by cybersecurity firm Talos in August last year. According to the research, one of the first things that the malware does is check for other cryptocurrency mining processes and add firewall rules to block any other cryptojacking malware. The virus reportedly also searches for cloud security services by Chinese internet giants Tencent and Alibaba and neutralizes them in an attempt to remain concealed. Ryan Olson, vice president for threat intelligence at Palo Alto Networks explained: “This evolution indicates t..

Windows Torrent File Malware Can Swap Out Crypto Addresses, Researcher Warns

Latest crypto-related malware hides in a movie file on The Pirate Bay and specifically targets Windows PCs, Bleeping Computer reports. New malware posing as a movie file from torrent website The Pirate Bay (TPB) can manipulate web pages and replace Bitcoin (BTC) and Ether (ETH) addresses, computing magazine Bleeping Computer reported Jan. 12. The malware — originally thought to inject advertising on Google and in search results — in fact performs multiple actions, some of which were discovered by the publication’s own researcher Lawrence Abrams. “What appeared to be an ad-injector into the main Google search page turned out to be only the tip of the iceberg,” the researchers warned. The file containing malicious code poses as a movie file on TPB, specifically for the movie The Girl in the Spider's Web. In reality, along with ads and manipulating search results to show certain links first, the malware is also able to swap out cryptocurrency wallet addresses for ones owned by the a..

Despite Bear Market, Crypto Mining Malware Tops Threat Index for 13th...

Three strains of crypto mining malware have topped the latest Global Threat Index from Israeli cybersecurity firm Check Point. Three strains of crypto mining malware have topped the latest Global Threat Index from Israeli cybersecurity firm Check Point, according to a press release published on Jan. 14. Check Point Software Technologies Ltd. is a security solution provider for governments and enterprises globally, with over 100,000 organizations reported to be currently using its security management system. As reported, stealth crypto mining attacks — also known as cryptojacking — work by installing malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. According to Check Point’s Global Threat Index for December 2018, the top three most wanted malware strains were all cryptojacking-related — with Coinhive, a web browser-based Monero (XMR) mining code — sealing the top spot for the 13th consecutive month. Ranked second and..

Malware Study Claims Criminals Mined 4.4 Percent of Monero, Less Than...

Previous estimates had put the mining malware figure at around 5 percent, but authors of the latest study claim their calculations are more reliable. Cryptocurrency mining malware is responsible for less of the supply of altcoin Monero (XMR) in circulation than previously thought, new research published Jan. 3 claims. A joint effort by researchers at King’s College London and Carlos III University in Madrid, Spain, the study analyzed huge swathes of malware over a twelve-year period. “In this paper, we conduct the largest measurement of crypto-mining malware to date, analyzing approximately 4.4 million malware samples (1 million malicious miners),” authors Sergio Pastrana and Guillermo Suarez-Tangil confirm. According to their calculations, Monero, which continues to be a favorite target for malicious mining operations, has an illicit supply of around 4.36 percent — or roughly $56 million in profits. The figure is somewhat less than the roughly 5 percent mentioned as an estimate in pr..

Crypto Mining Malware up Over 4,000% in 2018, Says McAfee Report

McAfee Labs: Cryptojacking rose by over 4000 percent in 2018, and threat actors are now targeting IoT devices. Cryptojacking malware activity rose by over 4000 percent in 2018, according to a new quarterly report published by cyber security firm McAfee Labs, Dec. 18. Cryptojacking is the practice of using a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. The McAfee statistic of over 4000 percent specifically refers to total instances of a cryptojacking malware, referred to in the study as “coin miner.” The report extends to a range of new crypto mining malware threat vectors, which notably include a spike in new malware targeting Internet of Things (IoT) devices: “New [mining] malware targeting IoT devices grew 72%, with total malware growing 203% in the last four quarters. New coinmining malware grew nearly 55%, with total malware growing 4,467% in the last four quarters.” As the report notes, the rise in IoT-targeting threats is som..

Cryptojacking Overtakes Ransomware as Top Malware in Some Countries

Malware that uses infected hardware for mining crypto without authorization has become the top cyber threat in certain countries. Cryptojacking, the unauthorized use of another’s hardware to mine cryptocurrency, has become the biggest cyber threat in many parts of the world, Bloomberg reported Dec. 14. According to research from cyber security research firm Kaspersky Lab, cryptojacking overtook ransomware as the biggest cybersecurity threat particularly in the Middle East, Turkey, and Africa. In Afghanistan and Ethiopia over one out of four detected malware are cryptocurrency miners, according to Kaspersky’s data. As cited by Bloomberg, Kaspersky’s research “shows crypto mining attacks have risen almost fourfold in the region, from 3.5 million in 2017 to 13 million this year.” The cybersecurity firm reportedly also claimed that cryptojacking incidents are “likely to continue given the increased use of digital currencies.” A report released by Kaspersky in November declares that th..

Report: Number of Routers Affected by Crypto Malware Doubled Since August,...

A security researcher claims that the number of MikroTik routers affected by cryptojacking malware has doubled since August 2018. The number of MikroTik routers affected by cryptojacking malware has reportedly doubled since summer 2018, reaching 415,000, security researcher VriesHd tweeted Sunday, Dec. 2. Since August, VriesHd has been reporting on crypto malware that targets routers and forces them to mine cryptocurrencies along with the researchers from Bad Packets Report. They revealed that routers by MikroTik, a Latvian manufacturer of network equipment, were compromised by at least 16 different types of malware including Coinhive, a cryptojacking software mining privacy-oriented cryptocurrency Monero (XMR). By September the estimated number of compromised routers surpassed 280,000, according to Bad Packets. In the recent tweet VriesHd explains that he has only checked three possible ways to abuse MikroTik, although there may be several more. VriesHd’s review, which is only based o..