Tag Archive for: Cryptomining

Cryptomining Campaign Unleashes Modified Mirai Botnet


Cryptocurrency Fraud, Endpoint Security, Fraud Management & Cybercrime

Latest Campaign Injects Song Lyrics and Other ‘Immature’ Elements Into Its Code


A new cryptomining campaign uses a quirkily customized Mirai botnet to spread cryptomining malware designed to hide the digital wallet that collects the ill-gotten gains.


Security researchers at Akamai dubbed the Mirai variation NoaBot and said that it uses a unique SSH scanner but also exhibits an unexpected touch of immaturity.

Mirai is a wormable botnet infamous for targeting Linux-based IoT devices. Numerous versions of Mirai are in the wild thanks to an anonymous coder who leaked source code online before its three original authors pleaded guilty in 2017.

Akamai researchers first spotted NoaBot in early 2023. They also identified a link between NoaBot and the P2PInfect worm, discovered in July 2023 by Unit 42.

Unlike the original Mirai, NoaBot spreads malware through the Secure Shell (SSH) protocol, not Telnet. The SSH scanner “seems to be custom made, and quite peculiar,” Akamai wrote. Once it establishes a connection, it sends the string “hi.” It makes sense to establish and quickly terminate a connection from an infected system. “Hi” is not a valid SSH packet, so Wireshark marks it as malformed.

“Why does it bother sending ‘hi,’ though? That’s a mystery,” Akamai…


This Cryptomining Tool Is Stealing Secrets


As the Israel-Hamas war raged on this week and Israel expanded its ground invasion of the Gaza Strip, the territory’s compromised internet infrastructure and access to connectivity went fully dark on Friday, leaving Palestinians without access to ground or mobile data connections. Meanwhile, researchers are bracing for the fallout if Hamas makes good on its threats to distribute hostage execution videos online. And TikTokkers are using a niche livestreaming feature and exploiting the Israeli-Hamas conflict to collect virtual gifts from viewers, a portion of which goes to the social media company as a fee.

As the worst mass shooting in Maine’s history unfolded this week and the gunman remained at large, disinformation about the situation and the suspect flooded social media, adding to the already chaotic and horrific situation. Elon Musk, the owner of X (formerly Twitter), posted remarks earlier this month mocking Ukrainian president Volodymyr Zelensky that were met with a flood of support and enthusiasm from Russian trolls and accounts distributing pro-Russia propaganda.

The US federal foreign intelligence collection tool—a frequently abused surveillance authority—known as Section 702 is facing its demise at the end of the year despite being viewed as the “crown jewel” of US surveillance powers. So far, no members of Congress have introduced a bill to prevent its January 1 sunset. And the identity-management platform Okta suffered a breach that had implications for nearly 200 of its corporate clients and brought up memories of a similar hack the company suffered last year that also had knock-on effects for customers.

An EU government body has been pushing a controversial proposal with far-reaching privacy implications in an attempt to combat child sexual abuse material, but its most outspoken advocates recently added to the drama significantly by essentially launching an influence campaign to support its passage. The long-foreseen nightmare of using generative AI to create digital child abuse materials has arrived with a flood of images, some of which are completely fabricated while others depict real victims generated from old datasets.

We also went deep this week on a…


Cryptomining Malware Sees 230% Increase in Q3 2022 / Digital Information World


The recent shockwaves through the crypto world have made various crypto tokens extremely affordable and left the entire industry in an extended bear market. Even so, malicious actors are not letting up: they continue to profit from cryptominers by infecting users who download pirated content from the internet.

Kaspersky reports a 230% increase in cryptominer usage in the third quarter of 2022 alone. More than 150,000 distinct cryptominers are now in use, because this kind of malware could potentially earn malicious actors tens of thousands of dollars.

Monero is a popular cryptocurrency for these malicious actors because it helps them stay under the radar, but bitcoin is also being mined with these programs. The people infecting users with these mining programs often disguise them as useful programs or as cracks that let users run paid programs free of charge.

Criminals can hijack computer systems and use their processing power to mine crypto. This is useful considering the high cost of electricity these days, which has forced many legitimate miners to close up shop for the short term. Avoiding pirated content and software can be a useful way to avoid having your own systems used for such illicit purposes, but it will take a long time before this information makes its way into the mind of the average user.

Victims are often left with slow computer systems due to much of the processing power going towards crypto mining. They also get left with immense electricity bills and they often don’t know the reason for the bill being so high. Something must be done to curtail this activity because it is seriously hurting end users around the world.


How this crypto-mining malware infected PCs through fake Google Translate app


Recently, crypto-mining malware disguised as a Google Translate app has made its way onto thousands of computers. According to a study by Check Point Research (CPR), the malware, called “Nitrokod,” was developed by a Turkey-based entity as a desktop application for Google Translate.

Many Google users have downloaded this app to their PCs in the absence of an official Google desktop app for Translate services. Once downloaded, the app sets up an elaborate crypto-mining operation on the infected device.

After the malicious app is downloaded, the malware installation process is triggered via a scheduled task mechanism. The malware then puts in place a sophisticated mining setup for the Monero cryptocurrency, which is based on the energy-intensive proof-of-work mining model. As a consequence, it gives the controller of this campaign hidden access to the infected computers to scam users and later damage the systems.

The CPR report claims, “After the malware is executed, it connects to its C&C server to get a configuration for the XMRig crypto miner and starts the mining activity. The software can be easily found through Google when users search ‘Google Translate Desktop download’. The applications are trojanised and contain a delayed mechanism to unleash a long multi-stage infection.”

Reportedly, machines in at least 11 nations have so far been compromised by the Nitrokod malware, which has been circulating since 2019. CPR has also posted updates and alerts about the crypto mining campaign on Twitter.

To recall, in a similar move earlier this year, Joker malware infected 50 apps on the Google Play Store, according to Zscaler Threatlabz. Google swiftly removed them from its app…
