Security News

'Spider-Man: No Way Home' Pirated Downloads Contain Crypto-Mining Malware
2021-12-27 03:32

ReasonLabs, a leading provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into customer computers in the guise of the latest Spiderman movie. As perhaps the most talked-about movie for some time, Spiderman: No Way Home represents an excellent opportunity for hackers.

Cybercriminals Target Alibaba Cloud for Cryptomining, Malware
2021-11-15 20:10

Cybercriminals are targeting Alibaba Elastic Computing Service instances, disabling certain security features to further their cryptomining goals. Alibaba offers a few unique options that make it a highly attractive target for attackers, researchers noted.

Alibaba ECS instances actively hijacked by cryptomining malware
2021-11-15 19:15

Threat actors are hijacking Alibaba Elastic Computing Service instances to install cryptominer malware and harness the available server resources for their own profit. Even better, to protect against malware such as cryptominers, ECS comes with a pre-installed security agent.

Popular NPM Package Hijacked to Publish Crypto-mining Malware
2021-10-24 03:38

The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining malware embedded in "UAParser.js," a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to remove three rogue packages that were found to mimic the same library. The supply-chain attack targeting the open-source library saw three different versions - 0.7.29, 0.8.0, 1.0.0 - that were published with malicious code on Thursday following a successful takeover of the maintainer's NPM account.

Huawei Cloud targeted by updated cryptomining malware
2021-10-11 14:44

A new version of a Linux crypto-mining malware previously used to target Docker containers in 2020 now focuses on new cloud service providers like the Huawei Cloud. The analysis of the new campaign comes from researchers at TrendMicro, who explains how the malware has evolved with new features while retaining its previous functionality.

Bogus Cryptomining Apps Infest Google Play
2021-08-18 18:26

Google has removed eight deceptive mobile apps from the Play Store that masquerade as cryptocurrency cloud-mining applications but which really exist to lure users into expensive subscription services and other fraudulent activity. Two of the apps added insult to injury by requiring users to purchase them, researchers found: Crypto Holic - Bitcoin Cloud Mining costs $12.99 to download, while Daily Bitcoin Rewards - Cloud Based Mining System cost $5.99.

Golang Cryptomining Worm Offers 15% Speed Boost
2021-08-06 20:41

A freshly discovered variant of the Golang crypto-worm was recently spotted dropping Monero-mining malware on victim machines; in a switch-up of tactics, the payload binaries are capable of speeding up the mining process by 15 percent, researchers said. According to research from Uptycs, the worm scans for and exploits various known vulnerabilities in popular Unix and Linux-based web servers, including CVE-2020-14882 in the Oracle WebLogic Server, and CVE-2017-11610, a remote code-execution bug which affects XML-RPC servers.

Cryptomining scams target Android app users
2021-07-30 16:56

TechRepublic's Karen Roby interviews Lance Whitney about a recent report that detailed how cryptomining scams targeted Android app users and stole an estimated $350,000 from more than 93,000 people.

Cisco Talos researchers find crypto mining detections have doubled in the last year
2021-07-15 18:58

Cisco Talos researchers note in a new analysis that "Unauthorized software on end systems is never a good sign. Today it's a crypto miner, tomorrow it could be the initial payload in an eventual ransomware attack." Crypto mining has increased from 3% of all mining alerts in January 2020 to 6% in March 2021, according to analysis from Talos.

Android app users targeted with cryptomining scams
2021-07-08 13:42

Found on Google Play and third-party app stores, the apps discovered by Lookout stole an estimated $350,000 from more than 93,000 people. More than 170 Android apps, including 25 on Google Play, have been caught trying to scam people by offering cryptomining services for a fee but failing to deliver anything in return.