Security News

Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers
2022-07-01 01:20

A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. "The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence said in a series of tweets on Thursday.

Hackers exploit recently patched Confluence bug for cryptomining
2022-06-10 15:29

A cryptomining hacking group has been observed exploiting the recently disclosed remote code execution flaw in Atlassian Confluence servers to install miners on vulnerable servers. Various proof of concept exploits were released in the days that followed, giving a broader base of malicious actors an easy way to exploit the flaw for their purposes.

NVIDIA fined for failure to disclose cryptomining sales boost
2022-05-06 14:30

The U.S. Securities and Exchange Commission announced Friday that it settled charges against multinational tech firm NVIDIA for "Inadequate disclosures" of cryptomining's impact on its gaming business. Settled charges are linked to NVIDIA's failure to disclose that much of the company's gaming sales were boosted by cryptomining, with customers increasingly using NVIDIA GPUs to mine for cryptocurrency starting in 2017.

Docker servers hacked in ongoing cryptomining malware campaign
2022-04-21 19:54

Docker APIs on Linux servers are being targeted by a large-scale Monero crypto-mining campaign from the operators of the Lemon Duck botnet. Cryptomining gangs are a constant threat to poorly secured or misconfigured Docker systems, with multiple mass-exploitation campaigns reported in recent years.

Cryptomining groups fight fiercely for cloud resources
2022-03-31 06:27

Cryptocurrency mining groups that typically have targeted on-premises servers are now competing fiercely for servers in the cloud. "Some groups avoid the competition altogether by focusing on different aspects of the system, which results in less crossover between rival groups," the researchers observed.

Mutating Verblecon malware in illicit cryptomining ... so far
2022-03-29 22:46

The mutating malware attempts to evade detection by antivirus tools and similar defenses, meaning bad news all round if the software was used to deploy more destructive payloads - and that the crooks using Verblecon may not realize the power of the loader's full potential. "The activity we have seen carried out using this sophisticated loader indicates that it is being wielded by an individual who may not realize the capabilities of the malware they are using," Symantec's threat hunting team warned today.

Verblecon malware loader used in stealthy crypto mining attacks
2022-03-29 10:41

Security researchers are warning of a relatively new malware loader, which they track as Verblecon, that is sufficiently complex and powerful for ransomware and espionage attacks, although it is currently used for low-reward attacks. Researchers from Symantec, a division of Broadcom Software, discovered Verblecon in January last year and observed it being used in attacks that installed cryptocurrency miners on compromised machines.

Abcbot Botnet Linked to Operators of Xanthe Cryptomining malware
2022-01-10 20:33

New research into the infrastructure behind an emerging DDoS botnet named Abcbot has uncovered links with a cryptocurrency-mining botnet attack that came to light in December 2020. Attacks involving Abcbot, first disclosed by Qihoo 360's Netlab security team in November 2021, are triggered via a malicious shell script that targets insecure cloud instances operated by cloud service providers such as Huawei, Tencent, Baidu, and Alibaba Cloud to download malware that co-opts the machine to a botnet, but not before terminating processes from competing threat actors and establishing persistence.

Ongoing Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics
2022-01-04 02:40

An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed. Since first detected in 2019, a total of 84 attacks against its honeypot servers have been recorded to date, four of which transpired in 2021, according to researchers from DevSecOps and cloud security firm Aqua Security, who have been tracking the malware operation for the past three years.

Cryptomining Attack Exploits Docker API Misconfiguration Since 2019
2021-12-29 14:26

The attack technique is script-based and dubbed "Autom", because it exploits the file "Autom.sh". Attackers have consistently abused the API misconfiguration during the campaign's active period, however the evasion tactics have varied - allowing adversaries to fly under the radar, wrote Aquasec's research arm Team Nautilus in a report published Wednesday.