Cryptocurrency miner

Pierluigi Paganini March 02, 2023
Cryptojacking campaign targets insecure deployments of Redis servers

Researchers from Cado Security discovered a cryptojacking campaign targeting misconfigured Redis database servers. Cado Labs researchers recently discovered a new cryptojacking campaign targeting insecure deployments of Redis database servers. Threat actors behind this campaign used the free and open source command line file transfer service transfer.sh. The attackers likely used the legitimate transfer.sh service is an attempt […]

Pierluigi Paganini September 21, 2022
Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign

Threat actors targeted tens thousands of unauthenticated Redis servers exposed on the internet as part of a cryptocurrency campaign. Redis, is a popular open source data structure tool that can be used as an in-memory distributed database, message broker or cache. The tool is not designed to be exposed on the Internet, however, researchers spotted […]

Pierluigi Paganini September 19, 2022
TeamTNT is back and targets servers to run Bitcoin encryption solvers

AquaSec researchers observed the cybercrime gang TeamTNT hijacking servers to run Bitcoin solver since early September. In the first week of September, AquaSec researchers identified at least three different attacks targeting their honeypots, the experts associated them with the cybercrime gang TeamTNT. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 […]

Pierluigi Paganini September 15, 2022
Experts warn of self-spreading malware targeting gamers looking for cheats on YouTube

Threat actors target gamers looking for cheats on YouTube with the RedLine Stealer information-stealing malware and crypto miners Researchers from Kaspersky have spotted a self-extracting archive, served to gamers looking for cheats on YouTube, that was employed to deliver the RedLine Stealer information-stealing malware and crypto miners. The RedLine malware allows operators to steal several […]

Pierluigi Paganini June 10, 2022
Threat actors exploit recently disclosed Atlassian Confluence flaw in cryptomining campaign

Threat actors are exploiting the recently disclosed CVE-2022-26134 RCE in Atlassian Confluence servers to deploy cryptocurrency miners. CheckPoint researchers have observed threat actors exploiting the recently disclosed CVE-2022-26134 remote code execution vulnerability in Atlassian Confluence servers to deploy cryptocurrency miners. Last week, Atlassian warned of a critical unpatched remote code execution vulnerability affecting all Confluence […]

Pierluigi Paganini May 15, 2022
Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Microsoft reported that the Sysrv botnet is targeting Windows and Linux servers exploiting flaws in the Spring Framework and WordPress. Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. Threat actors use the botnet in a cryptomining campaign targeting Windows […]

Pierluigi Paganini December 26, 2021
‘Spider-Man: No Way Home’ used to spread a cryptominer

Threat actors attempted to take advantage of the interest in the new ‘ Spider-Man: No Way Home’ movie to spread a Monero Cryptominer. Threat actors are attempting to capitalize the interest in the release of Spider-Man: No Way Home movie and use it as bait to spread a Monero cryptominer. ReasonLabs researchers spotted a Russian torrent website […]

Pierluigi Paganini November 10, 2021
TeamTNT group targets poorly configured Docker servers exposing REST APIs

TeamTNT hackers are targeting poorly configured Docker servers as part of an ongoing campaign that started in October. Trend Micro researchers reported that TeamTNT hackers are targeting poorly configured Docker servers exposing Docker REST APIs as part of an ongoing campaign that started in October. Threat actors execute malicious scripts to deploy Monero cryptocurrency miners, […]

Pierluigi Paganini October 23, 2021
Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

The U.S. CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. The U.S. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js. The popular library has million of weekly downloads. “Versions of a popular […]

Pierluigi Paganini July 25, 2021
Crooks target Kubernetes installs via Argo Workflows to deploy miners

Threat actors target Kubernetes installs via Argo Workflows to cryptocurrency miners, security researchers from Intezer warn. Researchers from Intezer uncovered new attacks on Kubernetes (K8s) installs via misconfigured Argo Workflows aimed at deploying cryptocurrency miners. Argo Workflows is an open-source, container-native workflow engine designed to run on K8s clusters. The experts discovered Argo Workflows instances with […]