Monero news

Trend Micro Detects Major Uptick in New Strain of XMR Malware

Cybersecurity firm Trend Micro has detected a major uptick in monero (XMR) crypto-jacking malware targeting China-based systems this spring. The news was revealed in an official Trend Micro announcement on June 5.

As previously reported, crypto-jacking is an industry term for stealth crypto-mining attacks that work by installing malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.

The XMR-focused malware — which wields malicious PowerShell scripts for illicit mining activities on Microsoft-based systems — reportedly surged against Chinese targets in mid-May. Hitting a peak on May 22, the wave of crypto-jacking attacks has since ostensibly steadied, according to Trend Micro. China accounted for 92% of the firm’s detections of the new strain.

In an analysis of the attacks, the cybersecurity firm identified that this latest campaign resembles a previous wave of activities that used an obfuscated PowerShell script (dubbed “PCASTLE”) to deliver XMR-mining malware. The earlier campaign, by contrast, targeted a host of different countries — notably Japan, Australia, Taiwan, Vietnam, Hong Kong, and India.

Trend Micro’s report describes in detail how the malware’s infection chain functions, and notes that while the campaign is focused on one geographic area, it seems to be indiscriminate in terms of industry. Trend Micro also notes that alongside their cross-industry target field, the attackers’:

“Use of XMRig as their payload’s miner module is […] not surprising. Algorithms for Monero mining are not as resource-intensive compared to other miners and don’t require a lot of processing power. This means they can illicitly mine the cryptocurrency without alerting users unless they notice certain red flags like performance issues.”

In its conclusion, Trend Micro notes that even while the motivations behind the attackers’ focus on China remain unclear, the campaign demonstrates that fileless malware techniques represent a persistent threat — one of the most prevalent in the current landscape, according to the firm.

Trend Micro also detected malware dubbed BlackSquid that infects web servers by employing eight different security exploits and installs XMRig, a CPU-based monero mining program.

Monero news

Monero Discloses Bug Allowing XMR to Be Stolen From Exchanges

Several security vulnerabilities have been disclosed by Monero, including one that could have been exploited to steal xmr from exchanges, according to reports published on the vulnerability disclosure platform HackerOne on July 3.

The vulnerability theoretically enabled attackers to send counterfeit xmr to an exchange. Once the fraudster’s account was credited, they could then convert it into other coins and make a withdrawal, leaving the exchange out of pocket.

Describing the critical vulnerability they uncovered, the lead developer for CUT coin added:

“It is our belief that the vulnerability cannot be used to ‘mint’ real, trans-actable monero out of thin air.”

A bounty of 45 xmr (about $4,000) was paid to the developer for their efforts.

Most of the vulnerabilities recently disclosed to HackerOne were identified a few months ago, but they have since been resolved.

In April, monero developers fixed a bug concerning the Ledger hardware wallet that made it look like user funds had disappeared.

The privacy-focused altcoin is 14th in the rankings of the biggest cryptocurrencies by market capitalization according to CoinMarketCap.

Monero news

BlackSquid Malware Infects Servers to Install Monero Crypto-jacking Software

Cybersecurity firm Trend Micro announced that it found malware dubbed BlackSquid that infects web servers by employing eight different security exploits and installs mining software. The findings were published in a blog post on June 3.

Per the report, the malware targets web servers, network drives and removable drives using eight different exploit and brute force attacks. More precisely, the software in question employs “EternalBlue; DoublePulsar; the exploits for CVE-2014-6287, CVE-2017-12615, and CVE-2017-8464; and three ThinkPHP exploits for multiple versions.”

While the sample acquired by Trend Micro installs the XMRig monero (XMR) Central Processing Unit-based mining software, BlackSquid could also deliver other payloads in the future. According to Trend Micro data, most of the instances of the malware in question have been detected in Thailand and the United States.

The malware can reportedly infect a system via three different routes: through a website hosted on an infected server, through exploits, and through removable or network drives. BlackSquid also aborts its infection routine if the username, device driver or disk drive model suggests that it is running in a sandbox environment.

As many as 50,000 servers worldwide have allegedly been infected with an advanced crypto-jacking malware that mines the privacy-focused open-source cryptocurrency turtlecoin (TRTL).

At the beginning of May, Trend Micro also noted that cybercriminals are now exploiting the known vulnerability CVE-2019-3396 in Confluence, a workspace productivity tool made by Atlassian, for crypto mining.

Monero news

Outlaw Hacking Group’s Botnet Is Now Spreading a Monero Miner

Cybersecurity company Trend Micro claims to have detected a web address spreading a botnet featuring a monero (XMR) mining component alongside a backdoor. The malware was described on Trend Micro’s official blog on June 13.

Per the report, the firm attributes the malware to Outlaw Hacking Group, as the techniques employed are almost the same used in its previous operations. The software in question also holds Distributed Denial of Service (DDoS) capabilities, “allowing the cybercriminals to monetize their botnet through cryptocurrency mining and by offering DDoS-for-hire services.”

Trend Micro also believes that the creators of the malware in question are still testing and developing it, since it contained some scripts that were included, but not executed. The firm’s telemetry also reportedly detected infection attempts in China.

Trend Micro had confirmed that attackers have been exploiting a vulnerability in the Oracle WebLogic server to install monero mining malware while using certificate files to obfuscate the endeavor.

In May, Firefox Quantum, the latest version of the open-source internet browser Firefox, announced a new privacy toggle that protects against crypto-jacking. Users can now enable an opt-in feature that purportedly blocks would-be crypto-jackers from using spare computing power to mine cryptocurrencies.

Copyright © 2015 Crypto Global News Team.