Security News

A recently identified piece of cryptojacking malware includes functionality that enables its operators to launch distributed denial of service attacks, Palo Alto Networks reports. The malware enables itself with debug privilege and begins operation by launching several threads.

With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malware-infested images to facilitate distributed denial-of-service attacks and mine cryptocurrencies. According to a report published by Palo Alto Networks' Unit 42 threat intelligence team, the purpose of these Docker images is to generate funds by deploying a cryptocurrency miner using Docker containers and leveraging the Docker Hub repository to distribute these images.

BlackBerry announced on Wednesday that the latest release of its Optics endpoint security product now includes a feature designed to protect Intel-based PCs against cryptomining malware. As a result of the collaboration between the two companies, version 2.5.1100 of BlackBerry's Optics product uses a Context Analysis Engine that leverages CPU data from Intel's Threat Detection Technology to detect and block cryptojacking attempts.

BlackBerry has added a new feature to its endpoint detection and response platform Optics: An Intel-powered cryptojacking malware detection system. BlackBerry claims its cryptojacking EDR has "Virtually no processor impact" on Windows 10 systems that Optics runs on, allowing "Organizations [to] detect and mitigate cryptojacking with greater precision and consistent results across all types of workloads."

Hackers targeted the publishing platform Ghost over the weekend, launching a cryptojacking attack against its servers that led to widespread outages. The attack stemmed from the exploit of critical vulnerabilities in SaltStack, used in Ghost's server management infrastructure.

Cryptojacking may not be entirely dead following the shutdown of a notorious cryptomining service, but it isn't very healthy, according to a paper released this week. Coinhive provided Monero cryptomining scripts for use on websites, retaining 30% of the funds for itself.

Since Coinhive's closure last year, cryptojacking has been almost eliminated, according to a group of researchers from the University of Cincinnati in America, and Lakehead University in Canada, because online ads generate more revenue. Though Coinhive's code was marketed as a monetization alternative to advertising, it was quickly abused - a mining script can also be injected into a website by hackers without the site owner's knowledge.

Nearly 16,000 malware-infected MicroTik routers have been scrubbed of Coinhive cryptojacking code thanks to an international police operation. The international law enforcement agency Interpol says it launched Operation Goldfish Alpha in June 2019 to target 20,000 hacked routers in Southeast Asia that were being used to mine for cryptocurrency, as well as to raise awareness in the region of the threat posed by cryptojacking.

Nearly 16,000 malware-infected MicroTik routers have been scrubbed of Coinhive cryptojacking code thanks to an international police operation. The international law enforcement agency Interpol says it launched Operation Goldfish Alpha in June 2019 to target 20,000 hacked routers in Southeast Asia that were being used to mine for cryptocurrency, as well as to raise awareness in the region of the threat posed by cryptojacking.

Interpol announced on Wednesday that it has coordinated an international operation aimed at removing illegally installed cryptocurrency miners from routers located in Southeast Asia. The operation was launched in June 2019 and participants worked over a five-month period to identify compromised routers, alert victims, and install patches that would prevent cybercriminals from controlling the devices.