A cybersecurity firm has discovered a new strain of Monero mining malware, which contains code that hides the miner from Task Manager. Cybersecurity company Varonis has discovered a new cryptojacking virus, dubbed “Norman,” that aims to mine the cryptocurrency Monero (XMR) and evade detection. Varonis published a report about Norman on Aug. 14. According to the report, Varonis found Norman as one of many cryptojacking viruses deployed in an attack that infected machines at a mid-size company. Hackers and cybercriminals deploy cryptojacking hardware to use the computing power of unsuspecting users’ machines to mine cryptocurrencies like the privacy-oriented coin Monero. Norman in particular is a crypto miner based on XMRig, which is described in the report as a high-performance miner for Monero cryptocurrency. One of the key features of Norman is that it will close the crypto mining process in response to a user opening up Task Manager. Then, after Task Manager closes, Norman uses a p..
Smominru, Monero-mining malware found on at least half a million computers, now also steals user data. Malware Smominru mines Monero (XMR) on at least half a million infected computers and now also steals sensitive personal data. An updated malware. Cybersecurity company Carbon Black claimed that its Threat Analysis Unit “uncovered a secondary component in a well-known cryptomining campaign” in a report published on Aug. 7. According to the firm, the malware has now been updated to “also steal system access information for possible sale on the dark web.” Per the report, the update is part of a broader trend in malware development: “This discovery indicates a bigger trend of commodity malware evolving to mask a darker purpose and will force a change in the way cybersecurity professionals classify, investigate and protect themselves from threats.” The change in the malware was first discovered during an investigation into anomalous activity behavior seen across a handful of endpoints. Wh..
Cryptocurrency ransomware, botnets and backdoors seem to have replaced cryptocurrency mining malware as the tool of choice for cybercriminals. Cryptocurrency ransomware, botnets and backdoors seem to have replaced cryptocurrency mining malware as the tool of choice for cybercriminals, according to a recent report from computer security firm Skybox Security. In its report dubbed “2019 Vulnerability and Threat Trends: Mid-Year Update,” Skybox reviews software vulnerabilities and newly developed exploits, as well as malware and attacks, among other related issues. Cloud services vulnerabilities are on the rise. When it comes to digital currencies, the report notes that in 2018, cryptocurrency mining malware was the most popular tool for cybercriminals. However, following the decline in cryptocurrency values, attackers reportedly turned to ransomware, botnets and backdoors. The latter tools increased by 10%, 8%, and 18% respectively, between the first half of 2018 and the same period this y..
In 2019, centralized exchanges and individual hodlers are losing record-breaking sums of digital money to hackers and scammers. Much of digital assets’ appeal stems from the fact that many of them are not affiliated with or controlled by governments, central banks or transnational corporations (at least, not yet). The price paid for the independence from institutions of global capitalism, though, might sometimes be extremely high, as, in the event of cryptocurrency theft, there is no one to appeal to for recourse. Further still, the irreversible nature of blockchain transactions renders it extremely difficult to get the money back once it’s gone. The villains of the internet love cryptocurrencies for the same reasons. In the last few years, marked by the spike of popularity for digital money, hackers and scammers of all sorts have perfected the art of pilfering it from unwitting users, many of whom are newcomers to the space. Roughly a year ago, Cointelegraph had already compiled a len..
New Android malware sidesteps Google’s SMS permissions restrictions to get hold of two-factor authentication codes received via SMS. The cybersecurity company behind major antivirus software NOD32, ESET, reported on June 17 that new Android malware sidesteps Google’s SMS permissions restrictions to get hold of two-factor authentication (2FA) codes received via SMS. Per the report, some malicious apps are capable of accessing one-time passwords sent to users via SMS by circumventing the restrictions recently implemented by Google. Furthermore, the same technique reportedly also allows for accessing email-based codes. According to the author, the apps in question impersonate Turkish cryptocurrency exchange BtcTurk and phish for login details to the service. According to the report, “instead of intercepting SMS messages to bypass 2FA protection on users’ accounts and transactions, these malicious apps take the OTP from notifications appearing on the compromised device’s display.” The app also takes ..
Cybersecurity firm Trend Micro has detected a major uptick in monero cryptojacking malware targeting China-based systems this spring. Cybersecurity firm Trend Micro has detected a major uptick in monero (XMR) cryptojacking malware targeting China-based systems this spring. The news was revealed in an official Trend Micro announcement on June 5. As previously reported, cryptojacking is an industry term for stealth crypto mining attacks that work by installing malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. The XMR-focused malware — which wields malicious PowerShell scripts for illicit mining activities on Microsoft-based systems — reportedly surged against Chinese targets in mid-May. Hitting a peak on May 22, the wave of cryptojacking attacks has since ostensibly steadied, according to Trend Micro. China accounted for 92% of the firm’s detections of the new strain. In an analysis of the attacks, the cybersecurity fi..
A new website spreads crypto-stealing malware by imitating the website Cryptohopper, a legitimate website where users can program tools for automatic trading. Twitter user and malware researcher Fumik0_ has discovered a new website that spreads cryptocurrency malware, according to a report by Bleeping Computer on June 5. According to the report, the host for transmitting these viruses is a website that imitates the website for Cryptohopper, a website where users can program tools to perform automatic cryptocurrency trading. When the scam site is visited, it reportedly automatically downloads a setup.exe installer, which will infect the computer once it runs. The setup panel will also display the logo of Cryptohopper in another attempt to trick the user. Running the installer is said to install the Vidar information-stealing Trojan, which further installs two Qulab trojans for mining and clipboard hijacking. The clipper and miners are then deployed once every minute in order to continu..
A malware dubbed BlackSquid infects web servers by employing eight different security exploits and installs mining software. Cybersecurity firm Trend Micro announced that it found a malware dubbed BlackSquid that infects web servers by employing eight different security exploits and installs mining software. The findings were announced in a blog post published on June 3. Per the report, the malware targets web servers, network drives and removable drives using eight different exploit and brute force attacks. More precisely, the software in question employs “EternalBlue; DoublePulsar; the exploits for CVE-2014-6287, CVE-2017-12615, and CVE-2017-8464; and three ThinkPHP exploits for multiple versions.” While the sample acquired by Trend Micro installs the XMRig monero (XMR) Central Processing Unit-based mining software, BlackSquid could also deliver other payloads in the future. According to Trend Micro data, most of the instances of the malware in question have been detected in Thailand a..
As many as 50,000 servers worldwide have allegedly been infected with an advanced cryptojacking malware. As many as 50,000 servers worldwide have allegedly been infected with an advanced cryptojacking malware that mines the privacy-focused open source cryptocurrency turtlecoin (TRTL). The news was revealed in an analysis by international hacker and cybersecurity expert group Guardicore Labs on May 29. As reported, cryptojacking is an industry term for stealth crypto mining attacks which work by installing malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. Having first detected the campaign in April and traced its origins and progress, Guardicore Labs believes the malware has infected up to 50,000 Windows MS-SQL and PHPMyAdmin servers over the past four months worldwide. The analysts backdated attacks to late February, noting the campaign’s precipitous expansion at a rate of over “seven hundred new victims per day.” Be..
An app that claims to enable users to earn BTC and ETH automatically is a front for ransomware and Trojans, a security researcher claims. An app that claims to give users the chance to earn $45 a day in free bitcoin (BTC) is a scam, according to a tweet by an “independent malware hunter” posted on May 20. The software, known as Bitcoin Collector, is advertised on a website that supposedly enables users to share a unique URL with their friends with payouts of 3 ether (ETH) (worth about $800 at press time) for every 1,000 people who click on it. But according to a security researcher who goes by the nickname Frost on Twitter, the app is a front for attempts to steal login credentials and money. At first, downloading the software launched ransomware that warned users all of their information had been encrypted “using the most cryptographic algorithms,” adding: “No system administrator in the world can solve this problem without knowing the password.” Recently, the scam evolved into a Tro..