Connect with us

Monero news

Monero Discloses Bug Allowing XMR to Be Stolen From Exchanges

Published

on

Monero Discloses Bug Allowing XMR to Be Stolen From Exchanges
Several security vulnerabilities have been disclosed by Monero, including one that could have been exploited to steal xmr from exchanges, reports on the breach disclosure platform HackerOne revealed on July 3.

Monero Discloses Bug Allowing XMR to Be Stolen From Exchanges

Several security vulnerabilities have been disclosed by Monero, including one that could have been exploited to steal xmr from exchanges, reports on the breach disclosure platform HackerOne revealed on July 3.

The vulnerability theoretically enabled attackers to send counterfeit xmr to an exchange. Once the fraudster’s account was credited, they could then convert it into other coins and make a withdrawal, leaving the exchange out of pocket.

Describing the critical breach they uncovered, the lead developer for CUT coin added:

“It is our belief that the vulnerability cannot be used to “mint” real, trans-actable monero out of thin air.”

A bounty of 45 xmr (about $4,000) was paid to the developer for their efforts.

Most of the vulnerabilities recently disclosed to HackerOne were identified a few months ago, but they have since been resolved.

In April, monero developers fixed a bug concerning the Ledger hardware wallet that made it look like user funds had disappeared.

The privacy-focused altcoin is 14th in the rankings of the biggest cryptocurrencies by market capitalization according to CoinMarketCap.

Monero news

Monero developers release tentative schedule for planned upgrade on 30 November

Published

on

Monero continued to remain in the limelight after many exchanges started to delist the privacy coin, with many in South Korea doing so citing the FATF’s new travel rule.

Monero continued to remain in the limelight after many exchanges started to delist the privacy coin, with many in South Korea doing so citing the FATF’s new travel rule. This time, Monero has caught the attention of the crypto-community for its upgrade towards the end of the year. The protocol upgrade will be carried out to improve Monero’s existing offerings.

This upgrade will include freezing of code, which means that no further changes can be done from the developers’ end. There will be a network upgrade too. In order to enjoy the latest features after the update, users will be required to upgrade their systems to CLI v0.15 or GUI v0.15. Along with these minor upgrades, there is a significant number of major changes.

A tentative schedule for the proposed upgrade was decided over a developers’ meeting yesterday. The upgrade, as of now, is planned to take effect on 30 November.

Source: Reddit

Source: Reddit

Firstly, a newly developed long-term Proof-of-Work algorithm known as RandomX will be integrated. Thus, miners will be required to upgrade the existing software. Moreover, long payment IDs will be eliminated so that user experience can be enhanced. This step will also ensure that the privacy feature for users will be improved later, post the update. With the transaction update, the minimum requirement for the transactions will become at least two transactions.

The last update will incorporate the lock time of the incoming transactions. Post upgrade, it will be fixed to ten blocks; that is, approximately twenty minutes lock time for all incoming transactions implemented over the protocol level. All these actions are considered vital for improving the existing privacy features over the Monero network.

Continue Reading

Monero news

Trend Micro Detects Major Uptick in New Strain of XMR Malware

Published

on

crypto-jacking malware targeting China-based systems this spring.

Trend Micro Detects Major Uptick in New Strain of XMR Malware

Cybersecurity firm Trend Micro has detected a major uptick in monero (XMR) crypto-jacking malware targeting China-based systems this spring. The news was revealed in an official Trend Micro announcement on June 5.

As previously reported, crypto-jacking is an industry term for stealth crypto-mining attacks that work by installing malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.

The XMR-focused malware — which wields malicious PowerShell scripts for illicit mining activities on Microsoft-based systems — reportedly surged against Chinese targets in mid-May. Hitting a peak on May 22, the wave of crypto-jacking attacks has since ostensibly steadied, according to Trend Micro. China accounted for 92% of the firm’s detections of the new strain.

In an analysis of the attacks, the cybersecurity firm identified that this latest campaign resembles a previous wave of activities that used an obfuscated PowerShell script (dubbed “PCASTLE”) to deliver XMR-mining malware. The earlier campaign, by contrast, targeted a host of different countries — notably Japan, Australia, Taiwan, Vietnam, Hong Kong, and India.

Trend Micro’s report describes in detail how the malware’s infection chain functions, and notes that while the campaign is focused on one geographic area, it seems to be indiscriminate in terms of industry. Trend Micro also notes that alongside their cross-industry target field, the attackers’:

“Use of XMRig as their payload’s miner module is […] not surprising. Algorithms for Monero mining are not as resource-intensive compared to other miners and don’t require a lot of processing power. This means they can illicitly mine the cryptocurrency without alerting users unless they notice certain red flags like performance issues.”

In its conclusion, Trend Micro notes that even while the motivations behind the attackers’ focus on China remain unclear, the campaign demonstrates that fileless malware techniques represent a persistent threat — one of the most prevalent in the current landscape, according to the firm.

Trend Micro also detected a malware dubbed BlackSquid that infects web servers by employing eight different security exploits and installs XMRig monero Central Processing Unit-based mining software.

Continue Reading

Monero news

BlackSquid Malware Infects Servers to Install Monero Crypto-jacking Software

Published

on

BlackSquid Malware Infects Servers to Install Monero Crypto-jacking Software

BlackSquid Malware Infects Servers to Install Monero Cryptojacking Software

Cybersecurity firm Trend Micro announced that it found a malware dubbed BlackSquid that infects web servers employing eight different security exploits and installs mining software. The findings were announced in a blog post published on June 3.

Per the report, the malware targets web servers, network drives and removable drives using eight different exploit and brute force attacks. More precisely, the software in question employs “EternalBlue; DoublePulsar; the exploits for CVE-2014-6287, CVE-2017-12615, and CVE-2017-8464; and three ThinkPHP exploits for multiple versions.”

While the sample acquired by Trend Micro installs the XMRig monero (XMR) Central Processing Unit-based mining software, BlackSquid could also deliver other payloads in the future. According to Trend Micro data, most of the instances of the malware in question have been detected in Thailand and the United States.

The malware can reportedly infect a system via three different routes: through a website hosted on an infected server, exploits, and removable or network drives. BlackSquid also cancels the infection protocol if it detects that the username, device driver or the disk drive model suggests that the software is running in a sandbox environment.

As many as 50,000 servers worldwide have allegedly been infected with an advanced crypto-jacking malware that mines the privacy-focused open-source cryptocurrency turtlecoin (TRTL).

At the beginning of May, Trend Micro also noted that cybercriminals are now exploiting known vulnerability CVE-2019-3396 for crypto mining in the software Confluence, a workspace productivity tool made by Atlassian.

Continue Reading

TRENDING

Copyright © 2015 Crypto Global News Team.