
Shape-shifting cryptominer savages Linux endpoints and IoT
2022-09-10 11:00

AT&T cybersecurity researchers have discovered a sneaky piece of malware targeting Linux endpoints and IoT devices in the hopes of gaining persistent access and turning victims into crypto-mining drones.

Popular adventure clothing brand The North Face and shoe company Vans, subsidiaries of the same parent company, have admitted to a credential stuffing attack that netted its attacker 194,905 users' worth of PII. Almost every piece of PII stored on the two websites was compromised, with the exception of credit card numbers, which the brands' parent company VF Outdoors said it doesn't store on its sites.

As has been the case in past credential stuffing attacks, the data used to break into The North Face and Vans accounts may not have been stolen from VF, which the company reminds users to consider when setting a new password.

"If a breach occurs on other websites, an attacker could use your email address and password to access your account [with us]," the company said in letters sent to affected users.

CTU said the attack's structure is similar to Bronze President's previous campaigns and fits its modus operandi of launching politically relevant attacks against government officials.

CTU said the attack isn't particularly sophisticated, instead relying on phishing and fooling targets into clicking on a malicious RAR file to execute the PlugX payload. Based on the directory structure of the RAR file being used in the attack, CTU said it's likely being distributed through phishing emails.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/09/10/in_brief_security/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2532 1569 67 4232