Windows users in Europe have recently been the target of a sophisticated malware campaign that provides attackers with a diverse array of capabilities, including cryptomining, credential stealing, ransomware and remote-access takeovers. Named DarkGate by its developer, the malware is reportedly distributed via Torrent files disguised as popular entertainment offerings — including the Spanish basketball dramedy…
The high return rate offered by cryptocurrency mining operations is encouraging cybercriminals to put extra thought into how to hide their mining malware so it can function for as long as possible before discovery. One such effort researched by Trend Micro focuses on Coinminer.Win32.MALXMR.TIAOODAM uses Windows Installer as its cloak of invisibility. Trend researchers Janus…
A malicious actor compromised the platform of leading web analytics firm StatCounter in a supply chain attack that targeted the cryptocurrency exchange gate.io with a bitcoin-stealing script. Outside of gate.io, none of the other two million-plus websites using StatCounter’s metrics services appear to have been affected by the malicious JavaScript, even if they downloaded it. That’s because the…
An unusually deceptive “Flash update” scam that installs unwanted programs on infected machines has been attempting to feign legitimacy by displaying pop-up notifications borrowed from the official Adobe installer, as well as by actually installing the latest version of Flash. A malicious Flash installer using this combination tricks in order to appear credible is “unprecedented…
Detections of cryptomining malware has increased by 459 percent since last year, according to a new report released today by the Cyber Threat Alliance (CTA), citing statistics collected from several of its member companies. Titled “The Illicit Cryptocurrency Cyber Threat,” the report warns that this dramatic year-over-year rise is no fluke, noting that illegal mining activity will likely…
A threat actor has been targeting Windows and Linux servers with a self-propagating malware mash-up that’s comprised of botnet, ransomware, disk wiper, cryptomining and worm elements all in one. Researchers from Palo Alto Networks’ Unit 42 division have tied the malware, dubbed Xbash, to the APT actor known as Iron Group. The same group has previously…
The now-shuttered XvBMC and Bubbles third-party add-on repositories, along with the still operating Gaia, have been hosting more than just software products, as researchers have discovered these sites have been abused to propagate a cryptomining campaign centered on the popular open-source media player Kodi. ESET researchers have reported that the three add-on repositories, two of…
A recently developed methodology for identifying Twitter bot accounts in large quantities has turned up a cryptocurrency scam botnet operation that leverages at least 15,000 bots to submit bogus tweets and likes.
A vulnerability report posted last Wednesday on the HackerOne bug bounty platform reveals that code from Monero’s cryptocurrency wallet contained a critical flaw that attackers could exploit to steal directly from digital coin exchanges.
A New Jersey woman who allegedly couldn’t keep her hands to herself was formally charged in Los Angeles County on July 13 with hacking the email accounts of actress and singer Selena Gomez and her associate.
