Security News

TrapX DeceptionGrid 7.2 protects containers against cryptojacking and other malicious attacks
2021-07-30 01:45

TrapX Security launched TrapX DeceptionGrid 7.2 featuring a new capability to protect containerized environments such as Kubernetes. TrapX DeceptionGrid secures container environments across on-premises and cloud infrastructures, independent of attack vectors.

Researchers Warn of Linux Cryptojacking Attackers Operating from Romania
2021-07-19 22:49

A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed "Diicot brute," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to facilitate the intrusions, Bitdefender researchers said in a report published last week.

Linux-Focused Cryptojacking Gang Tracked to Romania
2021-07-14 16:45

A cryptojacking gang that's likely based in Romania is using a never-before-seen SSH brute-forcer dubbed "Diicot brute" to crack weak passwords on Linux-based machines. Bitdefender's honeypot data shows that attacks matching the brute-force tool's signature started in January.

Hackers Crack Pirated Games with Cryptojacking Malware
2021-06-25 13:20

A new Monero cryptojacking malware distributed via "Cracked" versions of popular online games is wiping out antivirus programs and surreptitiously mining cryptocurrency in more than a dozen countries, researchers have found. Dubbed "Crackonosh," the malware - which has been active since June 2018 - lurks in pirated versions of Grand Theft Auto V, NBA 2K19 and Pro Evolution Soccer 2018 that gamers can download free in forums, according to a report posted online Thursday by researchers at Avast.

Lemon Duck Cryptojacking Botnet Changes Up Tactics
2021-05-10 17:37

The Lemon Duck cryptocurrency-mining botnet has added the ProxyLogon group of exploits to its bag of tricks, targeting Microsoft Exchange servers. That's according to researchers at Cisco Talos, who said that the cybercrime group behind Lemon Duck has also added the Cobalt Strike attack framework into its malware toolkit and has beefed up anti-detection capabilities.

Microsoft and Intel join forces to advance endpoint detection and response against cryptojacking
2021-04-28 00:00

Microsoft Defender for Endpoint expands its use of Intel Threat Detection Technology beyond accelerated memory scanning capabilities to activate central processing unit based cryptomining machine learning detection. "Customers who choose Intel vPro with the exclusive Intel Hardware Shield now gain full-stack visibility to detect threats out of the box with no need for IT configuration."

Microsoft Defender now blocks cryptojacking malware using Intel TDT
2021-04-26 16:54

Microsoft today announced that Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus, now comes with support for blocking cryptojacking malware using Intel's silicon-based Threat Detection Technology. Intel TDT is part of the Hardware Shield's suite of capabilities available on Intel vPro and Intel Core platforms, providing endpoint detection and response capabilities for advanced memory scanning, cryptojacking, and ransomware detection via CPU-based heuristics.

Windows, Linux Devices Hijacked In Two-Year Cryptojacking Campaign
2021-02-17 21:39

Cryptocurrency-mining malware, called WatchDog, has been running under the radar for more than two years - in what researchers call one of the largest and longest-lasting Monero cryptojacking attacks to date. Thus far, attackers have hijacked at least 476 Windows and Linux devices, in order to abuse their system resources for mining Monero cryptocurrency.

New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers
2021-02-01 03:15

A financially motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of its malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group Rocke, the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, and harbors new evasion tactics to sidestep cybersecurity companies' detection methods, Palo Alto Networks' Unit 42 researchers said in a Thursday write-up.

News Wrap: AWS Cryptojacking Worm, IBM Privacy Lawsuit and More
2020-08-21 14:04

Threatpost editors discuss a cryptomining malware targeting AWS systems, a recent development in a lawsuit against the IBM-owned Weather Channel app, and more.