Security News

Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks
2024-01-12 07:56

Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. "This attack is...

Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners
2024-01-04 10:35

Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected Linux devices. The three...

8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers
2023-12-20 12:59

The 8220 gang has been leveraging an old Oracle WebLogic Server vulnerability to distribute malware, the Imperva Threat Research team has found. Active since 2017, the 8220 gang has been known for deploying cryptocurrency miners on Linux and Windows hosts by exploiting known vulnerabilities.

NPM packages posing as speed testers install crypto miners instead
2023-02-14 17:25

A new set of 16 malicious NPM packages are pretending to be internet speed testers but are, in reality, coinminers that hijack the compromised computer's resources to mine cryptocurrency for the threat actors. The packages were uploaded onto NPM, an online repository containing over 2.2 million open-source JavaScript packages shared among software developers to speed up the coding process.

New SHC-compiled Linux malware installs cryptominers, DDoS bots
2023-01-04 22:29

A new Linux malware downloader created using SHC has been spotted in the wild, infecting systems with Monero cryptocurrency miners and DDoS IRC bots. According to ASEC researchers, who discovered the attack, the SHC loader was uploaded to VirusTotal by Korean users, with attacks generally focused on Linux systems in the same country.

Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware
2022-10-21 14:56

A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines. "The attacker intends to utilize a victim's resources as much as possible, not only to install RAR1Ransom for extortion, but also to spread GuardMiner to collect cryptocurrency," Fortinet FortiGuard Labs researcher Cara Lin said in a Thursday report.

Cryptominers hijack $53 worth of system resources to earn $1
2022-09-28 13:00

Security researchers estimate that the financial impact of cryptominers infecting cloud servers costs victims about $53 for every $1 worth of cryptocurrency threat actors mine on hijacked devices. The threat actors load modified OS images containing XMRig, a miner for Monero, which is a privacy-oriented hard-to-trace cryptocurrency, and currently the most profitable CPU-based mining.

Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners
2022-09-22 06:17

A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations. In one of the infection chains observed by the cybersecurity company, the flaw was leveraged to download and run a shell script on the victim's machine, which, in turn, fetched a second shell script.

Shape-shifting cryptominer savages Linux endpoints and IoT
2022-09-10 11:00

AT&T cybersecurity researchers have discovered a sneaky piece of malware targeting Linux endpoints and IoT devices in the hopes of gaining persistent access and turning victims into crypto-mining drones. Popular adventure clothing brand The North Face and shoe company Vans, subsidiaries of the same parent company, have admitted to a credential stuffing attack that netted its attacker 194,905 user's worth of PII. Most every piece of PII stored on the two websites were compromised, with the exception of credit card numbers, which the brands' parent company VF Outdoors said it doesn't store on its sites.

Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers
2022-08-30 12:55

As many as three disparate but related campaigns between March and Jun 2022 have been found to deliver a variety of malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners onto compromised systems. "The actors use PowerShell,.NET assemblies, and HTA and VBS files to spread across a targeted network, eventually dropping other pieces of malware, such as the SystemBC trojan and DCRat, to enable various stages of their operations," Cisco Talos researcher Vanja Svajcer said in a report shared with The Hacker News.