Researchers last week detected a fake Adobe piracy app that infects Mac users with a one-two combination of the EmPyre backdoor/post-exploitation agent and the XMRig cryptominer. The app pretends to be Adobe Zii, a software program that facilitates the cracking and digital piracy of Adobe products, reports Thomas Reed, director of Mac and mobile at Malwarebytes,…
A two-month Monero cryptomining campaign targeted both Linux-based servers and Internet of Things devices with a newly discovered malware family called “Linux Rabbit,” researchers have reported. The operation occurred in two phases, each of which used a distinct version of Linux Rabbit that shares the same code base as the other iteration, according to a Dec. 6…
An open-source code stored in a popular JavaScript library was poisoned by its latest administrator with a malicious code allowing an attacker to swipe Bitcoin from Bitpay and Copay wallets. The attacker injected a malicious code, called Event-Stream, into a NodeJS package that is used by the Copay and BitPay apps enabling an attacker to…
Researchers at antivirus company Dr.Web have discovered a malicious Monero cryptominer specifically designed for Linux machines, with additional functionality that also allows it to operate as a backdoor. Named Linux.BtcMine.174, the trojan is described as a shell script containing over 1,000 lines of code. To receive its malicious commands from the attackers, the malware downloads and runs…
Not even the Make-A-Wish Foundation is off limits for some unscrupulous cybercriminals, as evidenced by a cryptojacking operation that compromised the charitable organization’s international website. Simon Kenin, security researcher at Trustwave, reported in a company blog post today that malicious actors injected a CoinImp browser-based cryptomining script that would harness the processing power of any…
Windows users in Europe have recently been the target of a sophisticated malware campaign that provides attackers with a diverse array of capabilities, including cryptomining, credential stealing, ransomware and remote-access takeovers. Named DarkGate by its developer, the malware is reportedly distributed via Torrent files disguised as popular entertainment offerings — including the Spanish basketball dramedy…
Scammers impersonating Elon Musk managed to hack the verified Twitter accounts of Target and several others in a cryptocurrency fraud scheme promising huge Bitcoin giveaways Tuesday morning. Hackers were briefly able to get ahold of the Target Twitter page for about a half hour when they used the big-box retailer’s account to promote “the biggest crypto-giveaway…
The high return rate offered by cryptocurrency mining operations is encouraging cybercriminals to put extra thought into how to hide their mining malware so it can function for as long as possible before discovery. One such effort researched by Trend Micro focuses on Coinminer.Win32.MALXMR.TIAOODAM uses Windows Installer as its cloak of invisibility. Trend researchers Janus…
A malicious actor compromised the platform of leading web analytics firm StatCounter in a supply chain attack that targeted the cryptocurrency exchange gate.io with a bitcoin-stealing script. Outside of gate.io, none of the other two million-plus websites using StatCounter’s metrics services appear to have been affected by the malicious JavaScript, even if they downloaded it. That’s because the…
An unusually deceptive “Flash update” scam that installs unwanted programs on infected machines has been attempting to feign legitimacy by displaying pop-up notifications borrowed from the official Adobe installer, as well as by actually installing the latest version of Flash. A malicious Flash installer using this combination tricks in order to appear credible is “unprecedented…
