Cisco Security

MARCH 11, 2021

After examining topics such as the MITRE ATT&CK framework , LOLBins , and others, this release will look at DNS traffic to malicious sites. We’ll also look at malicious DNS activity—the number of queries malicious sites receive. Organizations and malicious DNS activity. Overview of analysis. Cryptomining.

DNS 61

DNS Phishing Ransomware Internet 61

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. tmp 2>&1″ Stealing cryptocurrency. Malware infection.

Cryptocurrency 130

Cryptocurrency Malware Accountability Banking 130

Bleeping Computer

NOVEMBER 24, 2022

Over 1,600 publicly available Docker Hub images hide malicious behavior, including cryptocurrency miners, embedded secrets that can be used as backdoors, DNS hijackers, and website redirectors. [.].

DNS 96

DNS Cryptocurrency 96

Malwarebytes

JULY 4, 2022

DNS encryption. DNS encryption plugs a gap that makes it easy to track the websites you visit. The domain name system (DNS) is a distributed address book that lists domain names and their corresponding IP addresses. Cryptocurrencies. People may be surprised to see cryptocurrencies appearing in our list.

Internet 111

Internet Internet Technology DNS 111

Threatpost

OCTOBER 13, 2020

Researchers warn of a spike in the cryptocurrency-mining botnet since August 2020.

Cryptocurrency 97

Cryptocurrency DNS 97

Krebs on Security

MARCH 9, 2023

The site’s true WHOIS registration records have always been hidden by privacy protection services, but there are plenty of clues in historical Domain Name System (DNS) records for WorldWiredLabs that point in the same direction. A review of DNS records for both printschoolmedia[.]org DNS records for worldwiredlabs[.]com

DNS 257

DNS Cybercrime Passwords Accountability 257

Heimadal Security

NOVEMBER 25, 2022

More than 1,600 publicly available images on Docker Hub were found to hide malicious behavior, including DNS hijackers, cryptocurrency miners, website redirectors, and embedded secrets that can be used as backdoors. Docker images serve as templates for quickly and easily building containers with pre-built code and applications.

Malware 94

Malware DNS Cryptocurrency Cybersecurity 94

Security Affairs

NOVEMBER 24, 2020

Crooks were able to trick GoDaddy staff into handing over control of crypto-biz domain names in a classic DNS hijacking attack. Crooks were able to hijack traffic and email to various cryptocurrency-related websites as a result of a DNS hijacking attack on domains managed by GoDaddy. SecurityAffairs – hacking, DNS hijacking).

Social Engineering 97

Social Engineering Engineering DNS Data breaches 97

Security Affairs

SEPTEMBER 17, 2018

Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. The malicious code combines features from different families of malware such as ransomware, cryptocurrency miners, botnets, and worms. states the report published by Intezer. .

Cryptocurrency 87

Cryptocurrency Malware Ransomware Cybercrime 87

Krebs on Security

APRIL 11, 2022

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. The ark-x2[.]org “Why choose us?

Scams 201

Scams Cryptocurrency Media Hacking 201

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Communication with C&C servers is based on DNS requests and it uses a special mechanism translating DNS results to a real IP address. ” concludes the analysis.”

DNS 122

DNS Cryptocurrency Internet Internet 122

Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . Researchers from Avast have spotted a strain of cryptocurrency miner, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. ” reads the analysis published by Avast.

Antivirus 104

Antivirus Cryptocurrency Malware Software 104

Security Affairs

SEPTEMBER 25, 2022

builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S. builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S.

Cryptocurrency 79

Cryptocurrency Data breaches DNS DDOS 79

Security Affairs

FEBRUARY 5, 2021

At the end of January, the group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs.

Malware 107

Malware DNS Cryptocurrency Internet 107

Krebs on Security

DECEMBER 20, 2018

They accept payment via PayPal, Google Wallet, and/or cryptocurrencies, and subscriptions can range in price from just a few dollars to several hundred per month. ” In such assaults, the perpetrators leverage unmanaged Domain Name Servers (DNS) or other devices on the Web to create huge traffic floods.

DNS 187

DNS Computers and Electronics Government Internet 187

Security Affairs

JANUARY 25, 2021

. “These particular applications are targeted because they often run on systems that have powerful underlying hardware with significant amounts of memory and powerful CPUs—all of which allow threat actors to maximize their ability to monetize these resources through mining cryptocurrency.” Ransomware, data theft).

Cryptocurrency 136

Cryptocurrency Malware DNS Passwords 136

CyberSecurity Insiders

FEBRUARY 3, 2022

A hacker from United States named P4x has admitted that he took down the internet of North Korea last week by launching a distributed denial of service attack on the central DNS servers of the country.

Internet 127

Internet Internet DNS Backups 127

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. The DNS redirection was discovered in a few hours, but it was enough for the hackers to steal more than $800,000 from the accounts of the EtherDelta users.

Hacking 78

Hacking DNS Cryptocurrency Accountability 78

Security Affairs

DECEMBER 19, 2022

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. .

DNS 93

DNS Antivirus Cryptocurrency Software 93

Security Affairs

MARCH 26, 2020

Hackers compromiseD -Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization. Experts from BleepingComputer reported that attackers would change the configured DNS servers to 109 [. 234.35.230 and 94 [. 103.82.249. com winimage.com.

Malware 73

Malware DNS Advertising Cryptocurrency 73

Security Affairs

JUNE 4, 2020

Hackers hijacked one of the domains of the Japanese cryptocurrency exchange Coincheck and used it for spear-phishing attacks. The Japanese cryptocurrency exchange Coincheck announced that threat actors have accessed their account at the Oname.com domain registrar and hijacked one of its domain names. NS ???????????? awsdns-61[.]org

Accountability 91

Accountability Phishing DNS Cryptocurrency 91

eSecurity Planet

FEBRUARY 19, 2024

Akira also has potential ties to Conti, another ransomware group, through cryptocurrency transactions, according to Unit 42. February 19, 2024 ExpressVPN Split Tunneling Disabled after Discovered Vulnerability Type of vulnerability: DNS traffic leak.

VPN 111

VPN DNS Ransomware Software 111

SecureList

JANUARY 22, 2024

With this URL, the sample made a request to a DNS server as an attempt to get a TXT record for the domain. This was a fairly interesting and unusual way of contacting a command-and-control server and hiding activity inside traffic, and it guaranteed downloading the payload, as the response message came from the DNS server.

Software 108

Software DNS Computers and Electronics Malware 108

SecureList

JUNE 7, 2023

Mobile statistics Targeted attacks BlueNoroff introduces new methods bypassing MotW At the close of 2022, we reported the recent activities of BlueNoroff , a financially motivated threat actor known for stealing cryptocurrency. However, in the recent campaign, the attackers used a Trojanized version of the Tor Browser to steal cryptocurrency.

DNS 101

DNS Malware Cryptocurrency Retail 101

Security Affairs

JANUARY 28, 2021

The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn. Set persistence through systemd.

Cryptocurrency 113

Cryptocurrency Cybercrime DNS Malware 113

Security Affairs

JANUARY 18, 2022

According to the security firm, the group is financially motivated, its cyberespionage campaign hit high value targets such as government and educational institutions, religious movements, pro-democracy and human rights organisations in Hong Kong, Covid-19 research organisations, gambling and cryptocurrency companies, and the media.

Cryptocurrency 103

Cryptocurrency Social Engineering Media Phishing 103

Krebs on Security

MARCH 28, 2021

I first heard about the domain in December 2020, when a reader told me how his entire network had been hijacked by a cryptocurrency mining botnet that called home to it. I’d been doxed via DNS. “This morning, I noticed a fan making excessive noise on a server in my homelab,” the reader said.

Hacking 357

Hacking Cybercrime DNS Antivirus 357

Security Affairs

FEBRUARY 10, 2019

Security experts from Trend Micro have discovered a new strain of coin miner that targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner. “It installs a cryptocurrency-mining malware as well as implant itself into the system and crontabs to survive reboots and deletions.”

Malware 89

Malware Cryptocurrency Advertising DNS 89

Security Affairs

MARCH 17, 2022

The news wave of attacks aimed at cryptocurrency firms, most of them located in the U.S. It also looks for scheduled tasks, traffic redirection rules (NAT and other rules), DNS cache poisoning, default port changes, non-default users, suspicious files, as well as proxy, SOCKS and firewall rules. Pierluigi Paganini.

Malware 117

Malware DNS Passwords Ransomware 117

Security Affairs

OCTOBER 15, 2019

. “the actor moved away from hosting the scripts on dedicated servers and instead started to use Domain Name System (DNS) text records. These records are accessed via normal DNS queries or DNS-over-HTTPs ( DoH ) if the DNS query fails. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cybercrime 61

Cybercrime DNS Malware Advertising 61

SecureList

MARCH 10, 2021

Some time ago, we discovered a number of fake apps delivering a Monero cryptocurrency miner to user computers. After substituting the DNS servers, the malware starts updating itself by running update.exe with the argument self-upgrade (“C:Program Files (x86)AdShieldupdater.exe” -self-upgrade). transmissionbt[.]org.

DNS 143

DNS Antivirus Malware Encryption 143

Security Affairs

FEBRUARY 24, 2021

Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that are abusing Bitcoin (BTC) transactions to implement a backup mechanism for C2. Botnet operators used Redis server scanners to find installs that could be compromised to mine cryptocurrencies. . ” continues the report.

Backups 103

Backups Cryptocurrency DNS Malware 103

SecureList

JULY 28, 2021

It is linked to a vulnerability in DNS resolvers that allows amplification attacks on authoritative DNS servers. Attacks on DNS servers are dangerous because all the resources they serve become unavailable, regardless of their size and level of DDoS protection. The bug was named TsuNAME.

DDOS 134

DDOS DNS IoT Marketing 134

eSecurity Planet

JULY 28, 2021

Since blockchain’s arrival, cryptocurrency has framed the technology as permissionless, or a public blockchain. The razzmatazz of cryptocurrency hasn’t helped blockchain’s adoption as a technology beyond finance. More robust security for Domain Name Systems (DNS). The Intersection of Cryptocurrency and Cybersecurity.

Cybersecurity 135

Cybersecurity Cryptocurrency Technology Energy and Utilities 135

Krebs on Security

FEBRUARY 26, 2023

The hackers were able to change the Domain Name System (DNS) records for the transaction brokering site escrow.com so that it pointed to an address in Malaysia that was host to just a few other domains, including the then brand-new phishing domain servicenow-godaddy[.]com.

Hacking 277

Hacking Social Engineering Phishing Scams 277

Cisco Security

MAY 3, 2022

Denonia is a cryptocurrency mining software that is specifically designed to run on AWS Lambda, recently discovered by Cado Security on April 6th, 2022. Enter Denonia. It is likely that Denonia has been running prior to this date, so adjust your investigations accordingly. Domains: denonia[.]xyz. ctrl.denonia[.]xyz. gw.denonia[.]xyz.

DNS 101

DNS Threat Detection Software Cryptocurrency 101

SecureList

OCTOBER 25, 2023

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. During that time, it had effectively evaded analysis and had previously been misclassified as a cryptocurrency miner.

Malware 112

Malware DNS Encryption Cryptocurrency 112