Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration
2023-03-16 13:39

The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems.

Specifically, the early phase of the attack chain involved the use of a cryptocurrency miner, which the cloud security firm suspected was deployed as a decoy to conceal data exfiltration.

Another activity cluster of note is Kiss-a-dog, which also relies on tools and command-and-control infrastructure previously associated with TeamTNT to mine cryptocurrency.

Profile file, to ensure that the miner continues to run across system reboots.

The findings come as another crypto miner group dubbed the 8220 Gang has been observed using a crypter called ScrubCrypt to carry out illicit cryptojacking operations.

Last month, cybersecurity company Morphisec also shed light on an evasive malware campaign that leverages the ProxyShell vulnerabilities in Microsoft Exchange servers to drop a crypto miner strain codenamed ProxyShellMiner.


News URL

https://thehackernews.com/2023/03/cryptojacking-group-teamtnt-suspected.html