Security News

Nitrokod Crypto Miner Infected Over 111,000 Users with Copies of Popular Software
2022-08-29 10:15

The campaign entails serving malware through free software hosted on popular sites such as Softpedia and Uptodown. In an interesting tactic, the malware puts off its execution for weeks and separates its malicious activity from the downloaded fake software to avoid detection.

Crypto Miners Using Tox P2P Messenger as Command and Control Server
2022-08-24 17:59

Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control method, marking a shift from its earlier role as a contact method for ransomware negotiations. The findings come from Uptycs, which analyzed an Executable and Linkable Format (ELF) artifact that functions as a bot and can run scripts on the compromised host using the Tox protocol.

241 npm and PyPI packages caught dropping Linux cryptominers
2022-08-19 20:11

More than 200 malicious packages have been discovered infiltrating the PyPI and npm open source registries this week. These packages are largely typosquats of widely used libraries, and on Linux systems each one downloads a Bash script that runs cryptominers.

Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems
2022-08-15 11:42

A now-removed rogue package pushed to the official third-party software repository for Python has been found to deploy cryptominers on Linux systems. The module, named "Secretslib" and downloaded 93 times prior to its deletion, was released to the Python Package Index on August 6, 2022 and is described as "Secrets matching and verification made easy."

Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection
2022-07-27 09:57

As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly in the browser. The JavaScript code makes use of WebAssembly to run low-level binary code directly in the browser.

Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners
2022-06-17 21:11

A recently patched critical security flaw in Atlassian Confluence Server and Data Center products is being actively weaponized in real-world attacks to drop cryptocurrency miners and ransomware payloads. In at least two of the Windows-related incidents observed by cybersecurity vendor Sophos, adversaries exploited the vulnerability to deliver Cerber ransomware and a crypto miner called z0miner on victim networks.

New MaliBot Android banking malware spreads as a crypto miner
2022-06-16 19:43

Cybersecurity researchers have discovered a new Android banking malware named MaliBot, which poses as a cryptocurrency mining app or the Chrome web browser to target users in Italy and Spain. MaliBot focuses on stealing financial information such as e-banking service credentials, crypto wallet passwords, and personal details, while it's also capable of snatching two-factor authentication codes from notifications.

New botnet and cryptominer Panchan attacking Linux servers
2022-06-15 13:00

Akamai Security Research announced on Wednesday it has uncovered a new botnet attacking the Linux servers of telecom and education providers in Asia, Europe and the Americas.

New peer-to-peer botnet infects Linux servers with cryptominers
2022-06-15 13:00

A new peer-to-peer botnet named Panchan appeared in the wild around March 2022, targeting Linux servers in the education sector to mine cryptocurrency. At the same time, it has powerful detection avoidance capabilities, such as using memory-mapped miners and dynamically detecting process monitoring to stop the mining module immediately.

New Sysrv Botnet Variant Hijacking Windows and Linux with Crypto Miners
2022-05-17 02:37

Microsoft is warning of a new variant of the Sysrv botnet that's exploiting multiple security flaws in web applications and databases to install coin miners on both Windows and Linux systems. The new version, which the tech giant has called Sysrv-K, is said to weaponize an array of exploits to gain control of web servers.