Security News

Docker servers hacked in ongoing cryptomining malware campaign
2022-04-21 19:54

Docker APIs on Linux servers are being targeted by a large-scale Monero crypto-mining campaign from the operators of the Lemon Duck botnet. Cryptomining gangs are a constant threat to poorly secured or misconfigured Docker systems, with multiple mass-exploitation campaigns reported in recent years.

Cryptomining groups fight fiercely for cloud resources
2022-03-31 06:27

Cryptocurrency mining groups that typically have targeted on-premises servers are now competing fiercely for servers in the cloud. "Some groups avoid the competition altogether by focusing on different aspects of the system, which results in less crossover between rival groups," the researchers observed.

Mutating Verblecon malware in illicit cryptomining ... so far
2022-03-29 22:46

The mutating malware attempts to evade detection by antivirus tools and similar defenses, meaning bad news all round if the software was used to deploy more destructive payloads - and that the crooks using Verblecon may not realize the power of the loader's full potential. "The activity we have seen carried out using this sophisticated loader indicates that it is being wielded by an individual who may not realize the capabilities of the malware they are using," Symantec's threat hunting team warned today.

Verblecon malware loader used in stealthy crypto mining attacks
2022-03-29 10:41

Security researchers are warning of a relatively new malware loader that they track as Verblecon, which is sufficiently complex and powerful for ransomware and espionage attacks, although it is currently used for low-reward attacks. Researchers from Symantec, a division of Broadcom Software, discovered Verblecon in January last year and observed it being used in attacks that installed cryptocurrency miners on compromised machines.

Abcbot Botnet Linked to Operators of Xanthe Cryptomining malware
2022-01-10 20:33

New research into the infrastructure behind an emerging DDoS botnet named Abcbot has uncovered links with a cryptocurrency-mining botnet attack that came to light in December 2020. Attacks involving Abcbot, first disclosed by Qihoo 360's Netlab security team in November 2021, are triggered via a malicious shell script that targets insecure cloud instances operated by cloud service providers such as Huawei, Tencent, Baidu, and Alibaba Cloud to download malware that co-opts the machine to a botnet, but not before terminating processes from competing threat actors and establishing persistence.

Ongoing Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics
2022-01-04 02:40

An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed. Since first detected in 2019, a total of 84 attacks against its honeypot servers have been recorded to date, four of which transpired in 2021, according to researchers from DevSecOps and cloud security firm Aqua Security, who have been tracking the malware operation for the past three years.

Cryptomining Attack Exploits Docker API Misconfiguration Since 2019
2021-12-29 14:26

The attack technique is script-based and dubbed "Autom", because it exploits the file "Autom.sh". Attackers have consistently abused the API misconfiguration during the campaign's active period, however the evasion tactics have varied - allowing adversaries to fly under the radar, wrote Aquasec's research arm Team Nautilus in a report published Wednesday.

'Spider-Man: No Way Home' Pirated Downloads Contain Crypto-Mining Malware
2021-12-27 03:32

ReasonLabs, a leading provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into customer computers in the guise of the latest Spider-Man movie. As perhaps the most talked-about movie for some time, Spider-Man: No Way Home represents an excellent opportunity for hackers.

Cybercriminals Target Alibaba Cloud for Cryptomining, Malware
2021-11-15 20:10

Cybercriminals are targeting Alibaba Elastic Computing Service instances, disabling certain security features to further their cryptomining goals. Alibaba offers a few unique options that make it a highly attractive target for attackers, researchers noted.

Alibaba ECS instances actively hijacked by cryptomining malware
2021-11-15 19:15

Threat actors are hijacking Alibaba Elastic Computing Service instances to install cryptominer malware and harness the available server resources for their own profit. Even better, to protect against malware such as cryptominers, ECS comes with a pre-installed security agent.