Cryptocurrency | SC Media

Cryptocurrency

Researchers exploit crypto wallet bug before hackers to save customer funds

A cryptocurrency startup exploited a backdoor in its own platform to protect its customers’ funds after threat actors had spotted and attempted to exploit the flaw. Researchers on the npm, Inc. security team discovered a backdoor in the Agama cryptocurrency wallet on the Komodo platform during a security audit of the platform. “This attack focused…

BlackSquid malware wants to wrap its tentacles around web servers and drives

Researchers have discovered a new malware family that uses a set of eight exploits to compromise web servers, network drives and removable drives. Dubbed BlackSquid, the malware has been observed dropping XMRig cryptominer programs, but attackers could easily use it to deliver other nasty payloads to infected devices, as well as obtain unauthorized access, escalate…

Nansh0u cryptomining hit 50,000 servers

A China-based cryptomining malware campaign dubbed Nansh0u has targeted and infected up to 50,000 Windows MS-SQL and PHPMyAdmin servers worldwide. Guardicore researchers disclosed the campaign, which took place between February 26 and April 11 of this year, in a May 29 blog post and described it as more than just a typical cryptomining attack…

Malvertising scheme abuses Yandex.Direct, targets Russian accountants with assorted malware

Cybercriminals are abusing the Yandex.Direct online advertising service in order to serve up malicious ads that target Russian accountants with the goal of infecting them with banking trojans and ransomware. Researchers from ESET have so far linked six malware programs to this campaign, which began in October and continues to this day. During periods of…

Flaw in Confluence collaboration products exploited to deliver GandCrab, AESDDoS Botnet malware

Malicious actors have been serving up GandCrab ransomware and a variant of AESDDoS Botnet malware by exploiting a recently patched vulnerability in two “Confluence” team collaboration products from Australia-based Atlassian. GandCrab is a malicious encryption program that first emerged in early 2018, while the AESDDoS variant is a more versatile program capable of remote code…

New cryptomining worm Beapy targets Asian enterprises while ignoring consumers

Researchers have discovered a previously unknown, file-based cryptominer worm that has been heavily targeting enterprises based in Asia. The researchers, from Symantec Corporation’s Security Response Attack Investigation Team, believe this latest threat perpetuates what they describe as a recent trend in cryptojacking: focusing on large businesses and organizations rather than consumers. Dubbed Beapy, the Python-based…

Upgraded Cardinal RAT malware targets Israeli fintech firms

A pair of Israeli financial technology companies were recently the target of a malware campaign featuring an updated version of the rarely seen Cardinal remote access trojan, researchers from Palo Alto Networks’ Unit 42 team are reporting. And in a possibly related incident, one of the two unnamed companies was similarly attacked with EVILNUM, a…

Coinhive closes its doors

The popular in-browser cryptomining service Coinhive will shutter operations next week, claiming the service isn’t economically viable anymore. The Monero mining feature offered any website a “legitimate” way to generate income without relying on online advertisements or revenue by using a small piece of JavaScript embedded on a webpage to leech computing power from visiting…

Ransomware out, formjacking in as primary attack vectors

Quick and easy attack methods like formjacking gained popularity among cybercriminals last year, while more tried and true approaches like ransomware fell by the wayside in 2018, according to a new report. The reasoning behind this switch, according to Symantec’s just-released Internet Security Threat Report, is quite straightforward. Formjacking, which entails placing malware on a…

Monero miner combines RADMIN and MIMIKATZ to spread and infect

Monero-mining malware is leveraging RADMIN and MIMIKATZ for propagation while exploiting critical vulnerabilities to spread in a worm-like manner, covertly targeting specific systems in industries in China, Taiwan, Italy, and Hong Kong. Researchers noted an uptick in activity between the last week of January and February 2019, which coincided with regional holiday…
