Monero

Pierluigi Paganini June 01, 2019
Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

A new cryptojacking campaign was spotted by experts at Trend Micro, crooks are using Shodan to scan for Docker hosts with exposed APIs. Threat actors are using the popular Shodan search engine to find Docker hosts and abuse them in a crypojacking campaign. Attackers leverage self-propagating Docker images infected with Monero miners and scripts that […]

Pierluigi Paganini April 13, 2019
Malware campaign uses multiple propagation methods, including EternalBlue

Hackers are using the EternalBlue exploit and leveraging advantage of Living off the Land (LotL) obfuscated PowerShell-based scripts to deliver malware and a Monero cryptocurrency. Security experts at Trend Micro have uncovered a malware campaign that is targeting Asian entities using the EternalBlue exploit and leveraging advantage of Living off the Land (LotL) obfuscated PowerShell-based […]

Pierluigi Paganini March 13, 2019
Modular Cryptojacking malware uses worm abilities to spread

Security experts at 360 Total Security have discovered a new modular cryptocurrency malware that implements worm capabilities to spread. Security experts at 360 Total Security have discovered a new modular cryptocurrency malware that implements worm capabilities by leveraging known vulnerabilities in servers running ElasticSearch, Hadoop, Redis, Spring, Weblogic, ThinkPHP, and SqlServer. The Monero cryptocurrency miner […]

Pierluigi Paganini February 28, 2019
CoinHive Cryptocurrency Mining Service will shut down on March 8, 2019

The popular in-browser cryptocurrency mining service Coinhive has announced that it will shut down on March 8, 2019. The service made the headlines across the years because it was used by crooks to abuse computational resources of the victims that were visiting compromised websites hosting the Coinhive script. Coinhive was initially launched as a legitimate […]

Pierluigi Paganini November 26, 2018
Experts found a new powerful modular Linux cryptominer

Security experts from Russian antivirus firm Dr.Web have discovered a new strain of Linux cryptominer tracked as Linux.BtcMine.174. The Linux cryptominer has a multicomponent structure that implements a broad range of features in over 1,000 lines of code. When the Monero Linux cryptominer is first executed it checks whether the server, from which the Trojan will subsequently […]

Pierluigi Paganini October 13, 2018
Experts warn of fake Adobe Flash update hiding a miner that works as a legitimate update

Security experts from Palo Alto Networks warn of fake Adobe Flash update hiding a miner that works as legitimate update and really update the software. A fake Adobe Flash update actually was used as a vector for a malicious cryptocurrency miner, the novelty in this last campaign is represented by the tricks used by attackers to stealthily […]

Pierluigi Paganini September 20, 2018
Sustes Malware: CPU for Monero

Sustes Malware doesn’t infect victims by itself, but it is spread via brute-force activities with special focus on IoT and Linux servers. Today I’d like to share a simple analysis based on a fascinating threat that I like to call Sustes (you will see name genesis in a bit). Everybody knows Monero cryptocurrency and probably everybody knows […]

Pierluigi Paganini August 06, 2018
ZombieBoy, a new Monero miner that allows to earn $1,000 on a monthly basis

A security researcher discovered a new crypto mining worm dubbed ZombieBoy that leverages several exploits to evade detection. The security researcher James Quinn has spotted a new strain of crypto mining worm dubbed ZombieBoy that appears to be very profitable and leverages several exploits to evade detection. The expert called this new malware ZombieBoy because it uses a tool called […]

Pierluigi Paganini July 05, 2018
Crooks leverage obfuscated Coinhive shortlink in a large crypto-mining operation

Crooks leverage an alternative scheme to mine cryptocurrencies, they don’t inject the CoinHive JavaScript miner directly into compromised websites. Security researchers at MalwareLabs have uncovered a new crypto mining campaign that leverages an alternative scheme to mine cryptocurrencies, differently from other campaigns, crooks don’t inject the CoinHive JavaScript miner directly in compromised websites. CoinHive also […]

Pierluigi Paganini June 22, 2018
Crooks exploit CVE-2018-7602 Drupal flaw, aka Drupalgeddon3 to deliver Monero miner

Crooks are attempting to exploit a recently patched Drupal vulnerability, tracked as CVE-2018-7602, to drop Monero mining malware onto vulnerable systems. The CVE-2018-7602 flaw is a highly critical remote code execution issue, also known as Drupalgeddon3, that was addressed by the Drupal team in April with the release of versions 7.59, 8.4.8 and 8.5.3. The security patch for the […]