Security News

Bogus Cryptomining Apps Infest Google Play
2021-08-18 18:26

Google has removed eight deceptive mobile apps from the Play Store that masquerade as cryptocurrency cloud-mining applications but which really exist to lure users into expensive subscription services and other fraudulent activity. Two of the apps added insult to injury by requiring users to purchase them, researchers found: Crypto Holic - Bitcoin Cloud Mining costs $12.99 to download, while Daily Bitcoin Rewards - Cloud Based Mining System cost $5.99.

Golang Cryptomining Worm Offers 15% Speed Boost
2021-08-06 20:41

A freshly discovered variant of the Golang crypto-worm was recently spotted dropping Monero-mining malware on victim machines; in a switch-up of tactics, the payload binaries are capable of speeding up the mining process by 15 percent, researchers said. According to research from Uptycs, the worm scans for and exploits various known vulnerabilities in popular Unix and Linux-based web servers, including CVE-2020-14882 in the Oracle WebLogic Server, and CVE-2017-11610, a remote code-execution bug which affects XML-RPC servers.

Cryptomining scams target Android app users
2021-07-30 16:56

TechRepublic's Karen Roby interviews Lance Whitney about a recent report that detailed how cryptomining scams targeted Android app users and stole an estimated $350,000 from more than 93,000 people.

Cisco Talos researchers find crypto mining detections have doubled in the last year
2021-07-15 18:58

Cisco Talos researchers note in a new analysis that "Unauthorized software on end systems is never a good sign. Today it's a crypto miner, tomorrow it could be the initial payload in an eventual ransomware attack." Crypto mining has increased from 3% of all mining alerts in January 2020 to 6% in March 2021, according to analysis from Talos.

Android app users targeted with cryptomining scams
2021-07-08 13:42

Found on Google Play and third-party app stores, the apps discovered by Lookout stole an estimated $350,000 from more than 93,000 people. More than 170 Android apps, including 25 on Google Play, have been caught trying to scam people by offering cryptomining services for a fee but failing to deliver anything in return.

Non-Malicious Android Crypto Mining Apps Scam Users at Scale
2021-07-08 10:28

Researchers at mobile security firm Lookout have identified more than 170 Android apps that target and scam users interested in cryptocurrencies. These apps cannot even be classified as 'malware' since they do nothing typified as malicious and don't contain a payload. This is the height of their sophistication.

Cloud Cryptomining Swindle in Google Play Rakes in Cash
2021-07-07 11:57

Bogus cryptomining apps for Android available for download on Google Play are estimated to have scammed more than 93,400 victims to date, researchers said, stealing at least $350,000. In addition to offering the "Apps" themselves for a fee, the scammers also promote additional services and upgrades that users can purchase within the apps, either by transferring Bitcoin or Ethereum cryptocurrencies directly to the developers' wallets or via the Google Play in-app billing system.

Tens of thousands scammed using fake Android cryptomining apps
2021-07-07 11:44

Twenty-five of these fake apps were available in the Google Play Store, while those sold on third-party app stores could be side-loaded by victims on their Android devices. Lookout researchers revealed in a report published today that the apps didn't include any cloud cryptomining functionality.

Microsoft: Big Cryptomining Attacks Hit Kubeflow
2021-06-10 16:26

Microsoft has spotted a new, widespread, ongoing attack targeting Kubernetes clusters running Kubeflow instances, in order to plant malicious TensorFlow pods that are used to mine for cryptocurrency. The newly discovered attack is similar to a cryptocurrency mining attack that Microsoft reported last June.

Kubeflow Deployments Targeted in New Crypto-mining Campaign
2021-06-09 17:49

A newly observed malicious campaign is targeting Kubeflow workloads to deploy TensorFlow pods that are used to mine for crypto-currency, according to a warning from security researchers at Microsoft. According to Microsoft, the recent campaign popped up on their radar at the end of May, when TensorFlow pods started being deployed at scale on multiple Kubernetes clusters.