Security News

Bogus cryptomining apps for Android available for download on Google Play are estimated to have scammed more than 93,400 victims to date, researchers said, stealing at least $350,000. In addition to offering the "Apps" themselves for a fee, the scammers also promote additional services and upgrades that users can purchase within the apps, either by transferring Bitcoin or Ethereum cryptocurrencies directly to the developers' wallets or via the Google Play in-app billing system.

Twenty-five of these fake apps were available in the Google Play Store, while those sold on third-party app stores could be side-loaded by victims on their Android devices. Lookout researchers revealed in a report published today that the apps didn't include any cloud cryptomining functionality.

Microsoft has spotted a new, widespread, ongoing attack targeting Kubernetes clusters running Kubeflow instances, in order to plant malicious TensorFlow pods that are used to mine for cryptocurrency. The newly discovered attack is similar to a cryptocurrency mining attack that Microsoft reported last June.

A newly observed malicious campaign is targeting Kubeflow workloads to deploy TensorFlow pods that are used to mine for crypto-currency, according to a warning from security researchers at Microsoft. According to Microsoft, the recent campaign popped up on their radar at the end of May, when TensorFlow pods started being deployed at scale on multiple Kubernetes clusters.

Microsoft warns of an ongoing series of attacks compromising Kubernetes clusters running Kubeflow machine learning instances to deploy malicious containers that mine for Monero and Ethereum cryptocurrency. The attacks had started towards the end of May when Microsoft security researchers observed a sudden increase in TensorFlow machine learning pod deployments.

Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers. "The burst of deployments on the various clusters was simultaneous. This indicates that the attackers scanned those clusters in advance and maintained a list of potential targets, which were later attacked on the same time," Microsoft's Senior Security Research Engineer Yossi Weizman said in a report.

New upgrades have been made to a Python-based "Self-replicating, polymorphic bot" called Necro in what's seen as an attempt to improve its chances of infecting vulnerable systems and evading detection. "Although the bot was originally discovered earlier this year, the latest activity shows numerous changes to the bot, ranging from different command-and-control communications and the addition of new exploits for spreading, most notably vulnerabilities in VMWare vSphere, SCO OpenServer, Vesta Control Panel and SMB-based exploits that were not present in the earlier iterations of the code," researchers from Cisco Talos said in a deep-dive published today.

The first report, detailing desktop attacks, found that cryptomining malware has exploded in popularity, while the second report covering mobile devices, revealed that a popular Trojan targeting gamers has made the leap from PC to Android. Between February and March 2021, during which time the price of a single bitcoin increased by more than $10,000, the number of modified cryptomining malware found by Kaspersky experienced a similar jump with a fourfold increase over the course of the same time period.

A recently discovered cryptomining botnet is actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero miner and self-spreader malware payloads. While, at first, it was using a multi-component architecture with the miner and worm modules, the botnet has been upgraded to use a single binary capable of mining and auto-spreading the malware to other devices.

At least 30 malicious images in Docker Hub, with a collective 20 million downloads, have been used to spread cryptomining malware, according to an analysis. The malicious images have raked in around $200,000 from cryptomining, according to Aviv Sasson, researcher with Palo Alto Networks' Unit 42, who found and reported the malicious activity.