Security Affairs

JULY 12, 2022

Researchers investigated cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs. Researchers from Trend Micro published a report that details cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs and the threat actors behind them. ” states the report published by Trend Micro.

Cryptocurrency 104

Cryptocurrency IoT Software Malware 104

Security Affairs

MARCH 30, 2021

Palo Alto Network researcher Aviv Sasson discovered 30 malicious Docker images, which were downloaded 20 million times, that were involved in cryptojacking operations. The expert determined the number of cryptocurrencies that were mined to a mining pool account by inspecting the mining pool. Pierluigi Paganini.

Cryptocurrency 100

Cryptocurrency Accountability Architecture Software 100

Security Affairs

OCTOBER 23, 2021

CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js. Pierluigi Paganini.

Malware 132

Malware Cryptocurrency Accountability Software 132

Security Affairs

JUNE 27, 2023

An unnamed Japanese cryptocurrency exchange was the victim of a cyber attack aimed at deploying an Apple macOS backdoor named JokerSpy. Elastic Security Labs researchers provided details about a recently discovered intrusion at an unnamed cryptocurrency exchange, aimed at deploying an Apple macOS backdoor named JokerSpy.

Cryptocurrency 87

Cryptocurrency Spyware Malware Architecture 87

Security Affairs

MARCH 8, 2021

Experts warn of ongoing attacks targeting QNAP network-attached storage (NAS) devices to abuse them in cryptocurrency mining. Researchers at 360Netlab are warning of a cryptocurrency malware campaign targeting unpatched QNAP network-attached storage (NAS) devices. Unity is an XMRig cryptocurrency miner. and Quick.tar.gz.

Cryptocurrency 104

Cryptocurrency Firmware Malware Threat Detection 104

Security Affairs

APRIL 3, 2021

Code repository hosting service GitHub launched an investigation in a series of attacks aimed at abusing its infrastructure to illicitly mine cryptocurrency. Miner itself is downloaded from gitlab. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

Cryptocurrency 107

Cryptocurrency Accountability Software Engineering 107

Security Affairs

APRIL 18, 2021

Threat actors targeted are exploiting the ProxyLogon vulnerabilities in Microsoft Exchange servers to deploy Monero cryptocurrency miners. “The.zip file is not a compressed archive, but a batch script that then invokes the built-into-Windows certutil.exe program to download two additional files, win_s.zip and win_d.zip.”

Cryptocurrency 77

Cryptocurrency Passwords Hacking Information Security 77

Security Affairs

OCTOBER 3, 2023

The malware also supports anti-sandbox techniques and evasion techniques, it can download and execute a second-stage payload, log keys, steal sensitive information and cryptocurrency, and execute remote commands. ” reads the report published by Zscaler. BunnyLoader v1.7 ” continues the report.

Advertising 115

Advertising Cybercrime Malware Cryptocurrency 115

Security Affairs

JULY 19, 2020

The social media giant Twitter confirmed that hackers compromised 130 accounts in last week hack and downloaded data from eight of them. All the accounts were compromised simultaneously and threat actors used them to promote a cryptocurrency scam. ” continues the update. Pierluigi Paganini.

Accountability 99

Accountability Social Engineering Media Hacking 99

Security Affairs

JUNE 3, 2022

The bot focuses on cryptocurrency mining and cryptocurrency theft via clipboard hijacking. Clipminer was first spotted in early 2021, it likely spread via Trojanized downloads of cracked or pirated software. Then the downloader connects to the Tor network to download the components of the Clipminer.

Cryptocurrency 135

Cryptocurrency Malware Hacking Software 135

Security Affairs

APRIL 15, 2020

Google has removed 49 new Chrome browser extensions from its official Web Store that hide the code to hijack cryptocurrency wallets. Google has removed 49 new Chrome browser extensions from its official Web Store that contain the code to steal sensitive information and hijack cryptocurrency wallets. Pierluigi Paganini.

Cryptocurrency 90

Cryptocurrency Advertising Phishing Passwords 90

Security Affairs

JANUARY 5, 2021

Researchers uncovered a large scale operation targeting cryptocurrency users with a previously undetected multiplatform RAT named ElectroRAT. Security researchers from Intezer uncovered a large scale operation targeting cryptocurrency users with a previously undetected RAT named ElectroRAT. ” continues the variant.

Cryptocurrency 59

Cryptocurrency Media Advertising Marketing 59

Security Affairs

JANUARY 15, 2024

Researchers devised a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners. Cybersecurity researchers from cyber security firm Aqua have uncovered a new attack targeting Apache Hadoop and Flink applications. ” states the report.

Cryptocurrency 103

Cryptocurrency Big data Software Malware 103

Security Affairs

NOVEMBER 5, 2023

The attackers attempted to trick victims into downloading and decompress a ZIP archive (Cross-Platform Bridges.zip) containing the malicious Python code masqueraded by an arbitrage bot. An arbitrage bot is a tool that allows users to profit from cryptocurrency rate differences between platforms. ” concludes the report.

Engineering 94

Engineering Malware Cryptocurrency Encryption 94

Security Affairs

DECEMBER 12, 2022

Researchers spotted a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). In November 2022, Trend Micro researchers discovered a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). Download files. Upload files. Open a URL.

Malware 99

Malware Cryptocurrency Hacking Software 99

Security Affairs

NOVEMBER 26, 2021

Morphisec researchers spread cryptocurrency malware dubbed Babadeda in attacks aimed at crypto and NFT communities. Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT), and DeFi passionates through Discord channels. ” concludes the report.

Cryptocurrency 118

Cryptocurrency Malware Antivirus Phishing 118

Security Affairs

JULY 7, 2020

The recent wave has been noted in Portugal and is impacting clients of several Portuguese and Brazilian banking organizations and also some cryptocurrency platforms. Here, it was distributed using fake webpages, where the victim downloaded an MSI file, which then held the remaining Lampion infection chain.

Malware 91

Malware Banking Phishing Internet 91

Security Affairs

AUGUST 1, 2023

Researchers spotted a Python variant of the NodeStealer that was designed to take over Facebook business accounts and cryptocurrency wallets. The malicious code was designed to take over Facebook business accounts and steal funds from cryptocurrency wallets. ” reads the analysis published by Palo Alto Networks.

Accountability 87

Accountability Cryptocurrency Malware Phishing 87

Security Affairs

JUNE 20, 2019

Researchers discovered that recently patched Firefox zero-day (CVE-2019-11707) has been exploited to deliver Windows and Mac malware to cryptocurrency exchanges. According to Martin, other cryptocurrency organizations were hit by similar attacks. browser ) or OS only when the application is downloaded via normal means (i.e.

Cryptocurrency 72

Cryptocurrency Malware Advertising Passwords 72

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. The researchers noticed that the downloaded package file is replaced with a malware-laced one on the wire because the process doesn’t use an HTTPS connection.

Antivirus 96

Antivirus Malware DNS Cryptocurrency 96

Security Affairs

JANUARY 4, 2024

Researchers discovered three malicious packages in the PyPI repository targeting Linux systems with a cryptocurrency miner. The malicious packages totaled more than 400 downloads before they were removed from the repository. This file outlines the cryptocurrency mining setting.

Cryptocurrency 112

Cryptocurrency Accountability Malware Hacking 112

Security Affairs

JUNE 5, 2019

A new piece of malware appeared in the threat landscape, dubbed BlackSquid it targets web servers with several exploits to deliver cryptocurrency miners. Security experts at Trend Micro have discovered a new Monero cryptomining miner, dubbed BlackSquid, that is targeting web servers, network drives, and removable drives.

Cryptocurrency 61

Cryptocurrency Malware Advertising Hacking 61

Security Affairs

JANUARY 4, 2023

Researchers discovered a new Linux malware developed with the shell script compiler ( shc ) that was used to deliver a cryptocurrency miner. It downloads and runs files from external sources, and based on the fact that XMRig CoinMiner is downloaded and installed from the currently available address, it is assumed to be a CoinMiner downloader.”

Malware 93

Malware DDOS Cryptocurrency Firewall 93

Security Affairs

APRIL 13, 2024

The recent malware campaign involves a large, padded executable file that shares similarities with the “Keyzetsu clipper” malware, targeting cryptocurrency wallets. On April 3rd, the attacker updated the code in one of their repositories, linking to a new URL that downloads a different encrypted.7z

Malware 117

Malware Cryptocurrency Encryption Hacking 117

Krebs on Security

APRIL 20, 2023

In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines where the app was installed. “This could cause the file to run when double-clicked instead of opening it with a PDF viewer.”

Malware 290

Malware Software Technology Accountability 290

Security Affairs

JUNE 10, 2022

Threat actors are exploiting the recently disclosed CVE-2022-26134 RCE in Atlassian Confluence servers to deploy cryptocurrency miners. CheckPoint researchers have observed threat actors exploiting the recently disclosed CVE-2022-26134 remote code execution vulnerability in Atlassian Confluence servers to deploy cryptocurrency miners.

Cryptocurrency 115

Cryptocurrency Malware Hacking Cybersecurity 115

Security Affairs

APRIL 1, 2024

The malicious site includes a link to download Arc for macOS. The disk image file (DMG) downloaded from the site is signed ad-hoc and provides instructions to right-click the app and select open thus overriding any Gatekeeper warnings. This technique allows for evasion of detection.

Malware 118

Malware Cryptocurrency Software Engineering 118

Security Affairs

AUGUST 30, 2022

Researchers spotted three campaigns delivering multiple malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners. The downloaded PowerShell code also downloads and runs auxiliary modules and payloads.” “The next stage is the PowerShell loader. ” reads the analysis published by Cisco Talos.

Malware 126

Malware Cryptocurrency Hacking Technology 126

Security Affairs

NOVEMBER 22, 2022

. “These infection chains leveraged phishing pages impersonating download pages of legitimate software, including cryptocurrency wallets or remote access tools, and the 911 method making use of YouTube videos and SEO-poised fake cracked software download websites.” ” reads the analysis by the experts.

Cybercrime 92

Cybercrime Malware Cryptocurrency Advertising 92

Security Affairs

JANUARY 23, 2021

Once the hackers gained access to a system, they downloaded an initial assm.exe file to achieve persistence and to add a backdoor account for future access. Upon creating the account, the malicious code connects to the C2 to download a Monero (XMR) cryptocurrency miner that runs on the local server.

Software 109

Software Cryptocurrency Accountability Malware 109

Security Affairs

SEPTEMBER 28, 2022

North Korea-linked Lazarus APT group is targeting macOS Users searching for jobs in the cryptocurrency industry. Last week, SentinelOne researchers discovered a decoy documents advertising positions for the popular cryptocurrency exchange Crypto.com. This functions as a downloader from a C2 server.

Malware 90

Malware Cryptocurrency Architecture Advertising 90

Security Affairs

JULY 29, 2020

The researchers pointed out that the Doki is a new multi-threaded malware leverages an undocumented technique for C2 communications by abusing the Dogecoin cryptocurrency blockchain in a unique way. The downloader script allows operators to download and install various malware binaries, including cryptominers.

Cryptocurrency 136

Cryptocurrency Malware Advertising VPN 136

Security Affairs

DECEMBER 26, 2022

. “In instances where a user is searching for a program to download, the fraudulent webpage has a link to download software that is actually malware. The download page looks legitimate and the download itself is named after the program the user intended to download.” Pierluigi Paganini.

Advertising 89

Advertising Engineering Education Internet 89

Security Affairs

MAY 30, 2024

The software may also contain encryption or features subject to export controls under the Export Administration Regulations (EAR), potentially leading to further legal violations by foreign nationals downloading it without a license. ” continues DoJ. Kitts and Nevis, and the United States), and 20 domains. “ The U.S.

VPN 84

VPN Cryptocurrency Malware Software 84

Security Affairs

MARCH 29, 2023

The attackers take advantage of the fact that the official Tor Project has been banned in Russia since the end of 2021, so users in Russia search for third-party repositories to download the Tor browser. The victims download the Tor Browser from a third-party server and execute it as torbrowser.exe. ” concludes the report.

Malware 84

Malware Passwords Cryptocurrency Antivirus 84

Security Affairs

NOVEMBER 8, 2022

Researchers observed a SmokeLoader campaign that is distributing a new clipper malware dubbed Laplas Clipper that targets cryptocurrency users. Clipper is a family of malware designed to hijack cryptocurrency transactions by swapping the victim’s wallet address with the wallet address owned by attackers. ” concludes the report.

Malware 91

Malware Cryptocurrency Hacking Cybercrime 91

Security Affairs

OCTOBER 30, 2023

Researchers from Kaspersky discovered a sophisticated malware, dubbed StripedFly, that remained under the radar for five years masquerading as a cryptocurrency miner. Kaspersky discovered that the detections between 2017 and 2022 had previously misclassified as a cryptocurrency miner.

Malware 115

Malware Cryptocurrency Ransomware Hacking 115