#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

cryptocurrency mining malware | Breaking Cybersecurity News | The Hacker News

Docker Images Containing Cryptojacking Malware Distributed via Docker Hub

Docker Images Containing Cryptojacking Malware Distributed via Docker Hub
Jun 25, 2020
With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malware-infested images to facilitate distributed denial-of-service (DDoS) attacks and mine cryptocurrencies. According to a report published by Palo Alto Networks' Unit 42 threat intelligence team, the purpose of these Docker images is to generate funds by deploying a cryptocurrency miner using Docker containers and leveraging the Docker Hub repository to distribute these images. "Docker containers provide a convenient way for packaging software, which is evident by its increasing adoption rate," Unit 42 researchers said . "This, combined with coin mining, makes it easy for a malicious actor to distribute their images to any machine that supports Docker and instantly starts using its compute resources towards cryptojacking." Docker is a well-known platform-as-a-servic

This Cryptomining Malware Launches Linux VMs On Windows and macOS

This Cryptomining Malware Launches Linux VMs On Windows and macOS
Jun 21, 2019
Cybersecurity researchers from at least two firms today unveiled details of a new strain of malware that targets Windows and macOS systems with a Linux-based cryptocurrency mining malware. It may sound strange, but it's true. Dubbed " LoudMiner " and also " Bird Miner, " the attack leverages command-line based virtualization software on targeted systems to silently boot an image of Tiny Core Linux OS that already contains a hacker-activated cryptocurrency mining software in it. Isn't it interesting to use emulation to run single-platform malware on cross-platforms? Spotted by researchers at ESET and Malwarebytes , attackers are distributing this malware bundled with pirated and cracked copies of VST (Virtual Studio Technology) software on the Internet and via Torrent network since August 2018. VST applications contain sounds, effects, synthesizers, and other advanced editing features that allow tech-centric audio professionals to create music.

Hands-on Review: Cynomi AI-powered vCISO Platform

Hands-on Review: Cynomi AI-powered vCISO Platform
Apr 10, 2024vCISO / Risk Assessment
The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture. MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge. Cynomi, the first AI-driven vCISO platform , can help. Cynomi enables you - MSPs, MSSPs and consulting firms

New Cryptocurrency Mining Malware Infected Over 500,000 PCs in Just Few Hours

New Cryptocurrency Mining Malware Infected Over 500,000 PCs in Just Few Hours
Mar 08, 2018
Two days ago, Microsoft encountered a rapidly spreading cryptocurrency-mining malware that infected almost 500,000 computers within just 12 hours and successfully blocked it to a large extent. Dubbed Dofoil , aka Smoke Loader , the malware was found dropping a cryptocurrency miner program as payload on infected Windows computers that mines Electroneum coins, yet another cryptocurrency, for attackers using victims' CPUs. On March 6, Windows Defender suddenly detected more than 80,000 instances of several variants of Dofoil that raised the alarm at Microsoft Windows Defender research department, and within the next 12 hours, over 400,000 instances were recorded. The research team found that all these instances, rapidly spreading across Russia, Turkey, and Ukraine, were carrying a digital coin-mining payload, which masqueraded as a legitimate Windows binary to evade detection. However, Microsoft has not mentioned how these instances were delivered to such a massive audienc

WATCH: The SaaS Security Challenge in 90 Seconds

cyber security
websiteAdaptive ShieldSaaS Security / Cyber Threat
Discover how you can overcome the SaaS security challenge by securing your entire SaaS stack with SSPM.

Hackers Exploit 'Telegram Messenger' Zero-Day Flaw to Spread Malware

Hackers Exploit 'Telegram Messenger' Zero-Day Flaw to Spread Malware
Feb 13, 2018
A zero-day vulnerability has been discovered in the desktop version for end-to-end encrypted Telegram messaging app that was being exploited in the wild in order to spread malware that mines cryptocurrencies such as Monero and ZCash. The Telegram vulnerability was uncovered by security researcher Alexey Firsh from Kaspersky Lab last October and affects only the Windows client of Telegram messaging software. The flaw has actively been exploited in the wild since at least March 2017 by attackers who tricked victims into downloading malicious software onto their PCs that used their CPU power to mine cryptocurrencies or serve as a backdoor for attackers to remotely control the affected machine, according to a blogpost on Securelist. Here's How Telegram Vulnerability Works The vulnerability resides in the way Telegram Windows client handles the RLO (right-to-left override) Unicode character (U+202E), which is used for coding languages that are written from right to left, li

Thousands of Government Websites Hacked to Mine Cryptocurrencies

Thousands of Government Websites Hacked to Mine Cryptocurrencies
Feb 12, 2018
There was a time when hackers simply defaced websites to get attention, then they started hijacking them to spread banking trojan and ransomware, and now the trend has shifted towards injecting scripts into sites to mine cryptocurrencies. Thousands of government websites around the world have been found infected with a specific script that secretly forces visitors' computers to mine cryptocurrency for attackers. The cryptocurrency mining script injection found on over 4,000 websites, including those belonging to UK's National Health Service (NHS), the Student Loan Company, and data protection watchdog Information Commissioner's Office (ICO), Queensland legislation, as well as the US government's court system. Users who visited the hacked websites immediately had their computers' processing power hijacked, also known as cryptojacking, to mine cryptocurrency without their knowledge, potentially generating profits for the unknown hacker or group of hackers.

Watch Out! New Cryptocurrency-Mining Android Malware is Spreading Rapidly

Watch Out! New Cryptocurrency-Mining Android Malware is Spreading Rapidly
Feb 06, 2018
Due to the recent surge in cryptocurrency prices, threat actors are increasingly targeting every platform, including IoT, Android, and Windows, with malware that leverages the CPU power of victims' devices to mine cryptocurrency. Just last month, Kaspersky researchers spotted fake antivirus and porn Android apps infected with malware that mines Monero cryptocurrency, launches DDoS attacks, and performs several other malicious tasks, causing the phone's battery to bulge out of its cover. Now, security researchers at Chinese IT security firm Qihoo 360 Netlab discovered a new piece of wormable Android malware, dubbed ADB.Miner , that scans wide-range of IP addresses to find vulnerable devices and infect them to mine digital cryptocurrency. According to the researchers, ADB.Miner is the first Android worm to reuse the scanning code programmed in Mirai —the infamous IoT botnet malware that knocked major Internet companies offline last year by launching massive DDoS attac

How to Mitigate the Threat Cryptocurrency Mining Poses to Enterprise Security

How to Mitigate the Threat Cryptocurrency Mining Poses to Enterprise Security
Feb 05, 2018
The growing popularity of Bitcoin and other cryptocurrencies is generating curiosity—and concern—among security specialists. Crypto mining software has been found on user machines, often installed by botnets. Organizations need to understand the risks posed by this software and what actions, if any, should be taken. To better advise our readers, we reached out to the security researchers at Cato Networks. Cato provides a cloud-based SD-WAN that includes FireWall as a Service (FWaaS) . Its research team, Cato Research Labs, maintains the company's Cloud IPS, and today released a list of crypto mining pool addresses that you can use as a blacklist in your firewall. (To download the list, visit this page .) Cato Research Labs determined crypto mining represents a moderate threat to the organization. Immediate disruption of the organization infrastructure or loss of sensitive data is not likely to be a direct outcome of crypto mining. However, there are significant risks of i

Cryptocurrency Mining Malware Infected Over Half-Million PCs Using NSA Exploit

Cryptocurrency Mining Malware Infected Over Half-Million PCs Using NSA Exploit
Feb 01, 2018
2017 was the year of high profile data breaches and ransomware attacks, but from the beginning of this year, we are noticing a faster-paced shift in the cyber threat landscape, as cryptocurrency-related malware is becoming a popular and profitable choice of cyber criminals. Several cybersecurity firms are reporting of new cryptocurrency mining viruses that are being spread using EternalBlue —the same NSA exploit that was leaked by the hacking group Shadow Brokers and responsible for the devastating widespread ransomware threat WannaCry . Researchers from Proofpoint discovered a massive global botnet dubbed "Smominru," a.k.a Ismo, that is using EternalBlue SMB exploit (CVE-2017-0144) to infect Windows computers to secretly mine Monero cryptocurrency, worth millions of dollars, for its master. Active since at least May 2017, Smominru botnet has already infected more than 526,000 Windows computers, most of which are believed to be servers running unpatched versions of Wi
Cybersecurity Resources