Researchers have found what they are calling the first crpytojacking worm to spread to and from compromised containers in the Docker Engine. Named Graboid as an homage to the monster worm in the 1990 movie Tremors, the malware mines Monero cryptocurrency from infected machines and randomly spreads to other vulnerable hosts. Indeed, the malware contains a list…
It appears North Korean hackers have revisited a tried-and-true scheme to attack Mac owners who work at cryptocurrency exchanges: creating a fake company and corresponding cryptocurrency trading app that actually infects users with malware. Researcher Patrick Wardle, creator of OS X security firm Objective-See, reported in a blog post late last week that malicious actors…
Researchers have uncovered two variants of information-stealing Mac malware that impersonates a legitimate stocks and cryptocurrency trading application. The two variants, identified by Trend Micro as Trojan.MacOS.GMERA.A and Trojan.MacOS.GMERA.B, both include a copy of Stockfolio version 1.4.13, along with the malware author’s digital certificate and various malicious components. The first variant’s components include a Mach-O…
Researchers have discovered a sophisticated cryptomining program that uses loadable kernel modules (LKMs) to help infiltrate Linux machines, and hides its malicious activity by displaying fake network traffic stats. Dubbed Skidmap, the malware can also grant attackers backdoor access to affected systems by setting up a secret master password that offers access to any user account…
Several vulnerabilities in the Bitcoin Lightning Network that were revealed in late August are now active in the wild and could result in funds being lost from accounts. Olaoluwa Osuntokun, CTO at Lightning Labs, posted on the Linux Foundation website that Bitcoin Lightning Network users who have not updated their systems to the latest patched…
A new password-stealer malware has appeared that targets cryptocurrencies and brute-forces and steals administrator credentials from unsecured WordPress websites. Avast researchers nicknamed the malware Clipsa, due to its penchant for replacing crypto-addresses present in a clipboard, and noted it is written in Visual Basic and once installed on a device it begins mining cryptocurrency, and…
The Swedish cryptocurrency exchange QuickBit was hit with a data breach affecting about 2 percent of its customer base through an unprotected MongoDB. Published reports put the number of accounts exposed at 300,000 with QuickBit stating the data involved was left unprotected while it was being migrated to a safer environment with names, addresses, e-mail…
Don’t let unauthorized cryptocurrency “miners” steal your company’s computer power — or worse! Cryptomining — the name itself sounds like it is almost like printing money using your computer. And it just might be for individuals, investors, and others with the right mix of savvy, capital, good timing, and a whole lot of luck. But…
MyDashWallet.org is recommending that its users remove any funds from their wallets as the site has been compromised for the past two months. MyDashWallet, which calls itself the fastest and easiest way to use DASH cryptocurrency, noted on its site that an associated external site serving CryptoJS scripts was compromised with the end result being…
The cybercriminal group ShadowGate has emerged from a long quiet period, launching a global malvertising campaign that redirects victims to the Greenflash Sundown exploit kit, in order to infect them with SEON ransomware, a cryptominer and the Pony credential-stealer. Also known as WordsJS, the ShadowGate group is more typically known for targeting Asia, especially South…
