Security News

The attack technique is script-based and dubbed "Autom", because it exploits the file "Autom.sh". Attackers have consistently abused the API misconfiguration during the campaign's active period, however the evasion tactics have varied - allowing adversaries to fly under the radar, wrote Aquasec's research arm Team Nautilus in a report published Wednesday.

ReasonLabs, a leading provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into customer computers in the guise of the latest Spiderman movie. As perhaps the most talked-about movie for some time, Spiderman: No Way Home represents an excellent opportunity for hackers.

Cybercriminals are targeting Alibaba Elastic Computing Service instances, disabling certain security features to further their cryptomining goals. Alibaba offers a few unique options that make it a highly attractive target for attackers, researchers noted.

Threat actors are hijacking Alibaba Elastic Computing Service instances to install cryptominer malware and harness the available server resources for their own profit. Even better, to protect against malware such as cryptominers, ECS comes with a pre-installed security agent.

The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining malware embedded in "UAParser.js," a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to remove three rogue packages that were found to mimic the same library. The supply-chain attack targeting the open-source library saw three different versions - 0.7.29, 0.8.0, 1.0.0 - that were published with malicious code on Thursday following a successful takeover of the maintainer's NPM account.

A new version of a Linux crypto-mining malware previously used to target Docker containers in 2020 now focuses on new cloud service providers like the Huawei Cloud. The analysis of the new campaign comes from researchers at TrendMicro, who explains how the malware has evolved with new features while retaining its previous functionality.

Google has removed eight deceptive mobile apps from the Play Store that masquerade as cryptocurrency cloud-mining applications but which really exist to lure users into expensive subscription services and other fraudulent activity. Two of the apps added insult to injury by requiring users to purchase them, researchers found: Crypto Holic - Bitcoin Cloud Mining costs $12.99 to download, while Daily Bitcoin Rewards - Cloud Based Mining System cost $5.99.

A freshly discovered variant of the Golang crypto-worm was recently spotted dropping Monero-mining malware on victim machines; in a switch-up of tactics, the payload binaries are capable of speeding up the mining process by 15 percent, researchers said. According to research from Uptycs, the worm scans for and exploits various known vulnerabilities in popular Unix and Linux-based web servers, including CVE-2020-14882 in the Oracle WebLogic Server, and CVE-2017-11610, a remote code-execution bug which affects XML-RPC servers.

TechRepublic's Karen Roby interviews Lance Whitney about a recent report that detailed how cryptomining scams targeted Android app users and stole an estimated $350,000 from more than 93,000 people.

Cisco Talos researchers note in a new analysis that "Unauthorized software on end systems is never a good sign. Today it's a crypto miner, tomorrow it could be the initial payload in an eventual ransomware attack." Crypto mining has increased from 3% of all mining alerts in January 2020 to 6% in March 2021, according to analysis from Talos.