#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

crypto mining | Breaking Cybersecurity News | The Hacker News

Category — crypto mining
Malicious Campaigns Exploit Weak Kubernetes Clusters for Crypto Mining

Malicious Campaigns Exploit Weak Kubernetes Clusters for Crypto Mining

Aug 09, 2023 Cloud Security / Kubernetes
Exposed Kubernetes (K8s) clusters are being exploited by malicious actors to deploy cryptocurrency miners and other backdoors. Cloud security firm Aqua, in a  report  shared with The Hacker News, said a majority of the clusters belonged to small to medium-sized organizations, with a smaller subset tied to bigger companies, spanning financial, aerospace, automotive, industrial, and security sectors. In total, Kubernetes clusters belonging to more than 350 organizations, open-source projects, and individuals were discovered, 60% of which were the target of an active crypto-mining campaign. The publicly-accessible clusters, per Aqua, are said to suffer from two different kinds of misconfigurations: allowing anonymous access with high privileges and running kubectl proxy with the flags "--address=`0.0.0.0` --accept-hosts `.*`" "Housing a wide array of sensitive and valuable assets, Kubernetes clusters can store customer data, financial records, intellectual property, a...
Indonesian Cybercriminals Exploit AWS for Profitable Crypto Mining Operations

Indonesian Cybercriminals Exploit AWS for Profitable Crypto Mining Operations

May 22, 2023 Cryptocurrency / Cloud Security
A financially motivated threat actor of Indonesian origin has been observed leveraging Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instances to carry out illicit crypto mining operations. Cloud security company's Permiso P0 Labs, which first detected the group in November 2021, has assigned it the moniker  GUI-vil  (pronounced Goo-ee-vil). "The group displays a preference for Graphical User Interface (GUI) tools, specifically S3 Browser (version 9.5.5) for their initial operations," the company said in a report shared with The Hacker News. "Upon gaining AWS Console access, they conduct their operations directly through the web browser." Attack chains mounted by GUI-vil entail obtaining initial access by weaponizing AWS keys in publicly exposed source code repositories on GitHub or scanning for GitLab instances that are vulnerable to remote code execution flaws (e.g.,  CVE-2021-22205 ). A successful ingress is followed by privilege escalation and...
Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

Crowdstrike Named A Leader In Endpoint Protection Platforms

Nov 22, 2024Endpoint Security / Threat Detection
CrowdStrike is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the fifth consecutive time, positioned highest on Ability to Execute and furthest to the right on Completeness of Vision.
Cryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware

Cryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware

Dec 12, 2022 Server Security / Linux
A cryptocurrency mining attack targeting the Linux operating system also involved the use of an open source remote access trojan (RAT) dubbed  CHAOS . The threat, which was spotted by Trend Micro in November 2022, remains virtually unchanged in all other aspects, including when it comes to terminating competing malware, security software, and deploying the Monero (XMR) cryptocurrency miner. "The malware achieves its persistence by altering  /etc/crontab file , a UNIX task scheduler that, in this case, downloads itself every 10 minutes from Pastebin," researchers David Fiser and Alfredo Oliveira  said . This step is succeeded by downloading next-stage payloads that consist of the XMRig miner and the Go-based CHAOS RAT. The cybersecurity firm said that the main downloader script and further payloads are hosted in multiple locations to make sure that the campaign remains active and new infections continue to happen. The CHAOS RAT, once downloaded and launched, transmi...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt

New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt

Apr 14, 2022
A threat group that pursues crypto mining and distributed denial-of-service (DDoS) attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things (IoT) devices since last month. "This botnet is mainly derived from  Gafgyt 's source code but has been observed to borrow several modules from  Mirai 's original source code," Fortinet FortiGuard Labs  said  in a report this week. The botnet has been attributed to an actor named Keksec (aka  Kek Security , Necro, and  FreakOut ), which has been linked to multiple botnets such as  Simps ,  Ryuk  (not to be confused with the ransomware of the same name), and  Samael , and has a history of targeting cloud infrastructure to carry out crypto mining and DDoS operations. Primarily targeting routers from Seowon Intech, D-Link, and iRZ to propagate its infections and grow in volume, an analysis of the malware specimen has highlighted En...
'Spider-Man: No Way Home' Pirated Downloads Contain Crypto-Mining Malware

'Spider-Man: No Way Home' Pirated Downloads Contain Crypto-Mining Malware

Dec 27, 2022
Peter Parker might not be a mastermind cryptocurrency criminal, but the name Spiderman is quickly becoming more associated with the mining landscape.  ReasonLabs , a leading provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into customer computers in the guise of the latest Spiderman movie.  As perhaps the most  talked-about movie for some time , Spiderman: No Way Home represents an excellent opportunity for hackers. It's a chance to connect with millions of potential targets, and hack into computers all around the globe. All today's malicious actors need to do is promise their victims access to the latest movie, and they get an all-access pass to their PC.  The cryptocurrency mining malware discovered by ReasonLabs disguises itself as a torrent for the Spiderman: No Way Home movie, encouraging viewers around the world to download the file, and open the computer to criminals.  Using a Mask: Trickin...
Crackonosh virus mined $2 million of Monero from 222,000 hacked computers

Crackonosh virus mined $2 million of Monero from 222,000 hacked computers

Jun 25, 2021
A previously undocumented Windows malware has infected over 222,000 systems worldwide since at least June 2018, yielding its developer no less than 9,000 Moneros ($2 million) in illegal profits. Dubbed " Crackonosh ," the malware is distributed via illegal, cracked copies of popular software, only to disable antivirus programs installed in the machine and install a coin miner package called XMRig for stealthily exploiting the infected host's resources to mine Monero. At least 30 different versions of the malware executable have been discovered between Jan. 1, 2018, and Nov. 23, 2020, Czech cybersecurity software company Avast  said  on Thursday, with a majority of the victims located in the U.S., Brazil, India, Poland, and the Philippines. Crackonosh works by replacing critical Windows system files such as "serviceinstaller.msi" and "maintenance.vbs" to cover its tracks and abuses the  safe mode , which prevents antivirus software from working, to...
Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices

Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices

Dec 15, 2020
A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a crypto-mining campaign called " Gitpaste-12 ," which used GitHub to host malicious code containing as many as 12 known attack modules that are executed via commands downloaded from a Pastebin URL. The attacks occurred during a 12-day period starting from October 15, 2020, before both the Pastebin URL and repository were shut down on October 30, 2020. Now according to Juniper, the  second wave of attacks  began on November 10 using payloads from a different GitHub repository, which, among others, contains a Linux crypto-miner ("ls"), a file with a list of passwords for brute-force attempts ("pass"), and a local privilege escalation exploit for x86_64 Linux systems. Th...
Hackers Infect Over 200,000 MikroTik Routers With Crypto Mining Malware

Hackers Infect Over 200,000 MikroTik Routers With Crypto Mining Malware

Aug 03, 2018
Security researchers have discovered at least three massive malware campaigns exploiting hundreds of thousands of unpatched MikroTik routers to secretly install cryptocurrency miners on computers connected to them. In all, the malware campaigns have compromised more than 210,000 routers from Latvian network hardware provider Mikrotik across the world, with the number still increasing as of writing. The hackers have been exploiting a known vulnerability in the Winbox component of MikroTik routers that was discovered in April this year and patched within a day of its discovery, which once again shows people's carelessness in applying security patches on time. The security flaw can potentially allow an attacker to gain unauthenticated, remote administrative access to any vulnerable MikroTik router. The first campaign, noticed by Trustwave researchers, began with targeting networking devices in Brazil, where a hacker or a group of hackers compromised more than 183,700 Mikro...
Expert Insights / Articles Videos
Cybersecurity Resources