Security News

Hackers Crack Pirated Games with Cryptojacking Malware
2021-06-25 13:20

A new Monero cryptojacking malware distributed via "Cracked" versions of popular online games is wiping out antivirus programs and surreptitiously mining cryptocurrency in more than a dozen countries, researchers have found. Dubbed "Crackonosh," the malware - which has been active since June 2018 - lurks in pirated versions of Grand Theft Auto V, NBA 2K19 and Pro Evolution Soccer 2018 that gamers can download free in forums, according to a report posted online Thursday by researchers at Avast.

Lemon Duck Cryptojacking Botnet Changes Up Tactics
2021-05-10 17:37

The Lemon Duck cryptocurrency-mining botnet has added the ProxyLogon group of exploits to its bag of tricks, targeting Microsoft Exchange servers. That's according to researchers at Cisco Talos, who said that the cybercrime group behind Lemon Duck has also added the Cobalt Strike attack framework into its malware toolkit and has beefed up anti-detection capabilities.

Microsoft and Intel join forces to advance endpoint detection and response against cryptojacking
2021-04-28 00:00

Microsoft Defender for Endpoint expands its use of Intel Threat Detection Technology beyond accelerated memory scanning capabilities to activate central processing unit based cryptomining machine learning detection. "Customers who choose Intel vPro with the exclusive Intel Hardware Shield now gain full-stack visibility to detect threats out of the box with no need for IT configuration."

Microsoft Defender now blocks cryptojacking malware using Intel TDT
2021-04-26 16:54

Microsoft today announced that Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus, now comes with support for blocking cryptojacking malware using Intel's silicon-based Threat Detection Technology. Intel TDT is part of the Hardware Shield's suite of capabilities available on Intel vPro and Intel Core platforms, providing endpoint detection and response capabilities for advanced memory scanning, cryptojacking, and ransomware detection via CPU-based heuristics.

Windows, Linux Devices Hijacked In Two-Year Cryptojacking Campaign
2021-02-17 21:39

Cryptocurrency-mining malware, called WatchDog, has been running under the radar for more than two years - in what researchers call one of the largest and longest-lasting Monero cryptojacking attacks to date. Thus far, attackers have hijacked at least 476 Windows and Linux devices, in order to abuse their system resources for mining Monero cryptocurrency.

New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers
2021-02-01 03:15

A financially motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of its malware to target cloud infrastructure using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group Rocke, the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities and harbors new evasion tactics to sidestep cybersecurity companies' detection methods, Palo Alto Networks' Unit 42 researchers said in a Thursday write-up.

News Wrap: AWS Cryptojacking Worm, IBM Privacy Lawsuit and More
2020-08-21 14:04

Threatpost editors discuss a cryptomining malware targeting AWS systems, a recent development in a lawsuit against the IBM-owned Weather Channel app, and more.

AWS Cryptojacking Worm Spreads Through the Cloud
2020-08-18 14:14

A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services cloud and collecting credentials. The attack starts by targeting the way that AWS stores credentials in an unencrypted file at ~/.aws/credentials, and additional configuration details in a file at ~/.aws/config.

Updated cryptojacking worm steals AWS credentials
2020-08-18 11:56

A malicious cryptocurrency miner and DDoS worm that has been targeting Docker systems for months now also steals Amazon Web Services credentials. The worm still scans for open Docker APIs, then spins up Docker images and installs itself in a new container, but it now also searches for exploitable Kubernetes systems and files containing AWS credentials and configuration details, just in case the compromised systems run on AWS infrastructure.

Hybrid Malware 'Lucifer' Includes Cryptojacking, DDoS Capabilities
2020-06-29 04:00

A recently identified piece of cryptojacking malware includes functionality that enables its operators to launch distributed denial of service attacks, Palo Alto Networks reports. The malware grants itself debug privileges and begins operation by launching several threads.