Security News

Norton antivirus's inbuilt cryptominer has re-entered the public consciousness after a random Twitter bod expressed annoyance at how difficult it is to uninstall. Exe, Norton 360's signed cryptocurrency-mining binary, to installations of Norton antivirus isn't new - but it seems to have taken the non-techie world a few months to realise what's going on.

Global buzz around the release of Spider-Man: No Way Home is making tons of online noise - an ideal environment for cybercriminals to spread a Monero cryptominer disguised as a download of the newly released film. A torrent download of Spider-Man: No Way Home is circulating, infected with a persistent Monero cryptominer, according to a new alert from ReasonLabs.

Cryptominer malware removal is a routine piece of the cybersecurity landscape these days. If criminals are hijacking your compute cycles to mine cryptocurrencies, chances are there's something worse lurking on your network too.

Sophos released new findings on the Tor2Mine cryptominer, that show how the miner evades detection, spreads automatically through a target network and is increasingly harder to remove from an infected system. In the research, Sophos describes new variants of the miner that include a PowerShell script that attempts to disable malware protection, execute the miner payload and steal Windows administrator credentials.

The library's lightweight npm package is extremely popular: according to the numbers on its npm registry page, it surpasses 8 million weekly downloads. The compromised packages were removed from the repository and a security advisory was published.

Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems. The malicious packages in question - named okhsa, klow, and klown - were published by the same developer and falsely claimed to be JavaScript-based user-agent string parsers designed to extract hardware specifics from the "User-Agent" HTTP header.

Threat group FreakOut's Necro botnet has developed a new trick: infecting Visual Tools DVRs with a Monero miner. Juniper Threat Labs researchers have issued a report detailing new activities from FreakOut, also known as Necro Python and Python.

Hackers are actively scanning for and exploiting a recently disclosed Atlassian Confluence remote code execution vulnerability to install cryptominers after a PoC exploit was publicly released. Atlassian Confluence is a very popular web-based corporate team workspace that allows employees to collaborate on projects.

Threat actors are abusing misconfigured Argo Workflows instances to deploy cryptocurrency miners on Kubernetes clusters. Argo Workflows is the most popular workflow execution engine for Kubernetes, designed to orchestrate parallel jobs for speeding up machine learning or data processing computing-intensive jobs on Kubernetes clusters.

Authorities in Ukraine have made another cybersecurity bust - this time shutting down what they said is one of the largest underground cryptomining operations ever found. Stealing the vast amounts of electricity needed to power the computer farms required to mine cryptocurrency is most definitely prohibited.