#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

cryptocurrency mining | Breaking Cybersecurity News | The Hacker News

Category — cryptocurrency mining
New Mac Malware Targets Cookies to Steal From Cryptocurrency Wallets

New Mac Malware Targets Cookies to Steal From Cryptocurrency Wallets

Feb 01, 2019
Mac users need to beware of a newly discovered piece of malware that steals their web browser cookies and credentials in an attempt to withdraw funds from their cryptocurrency exchange accounts. Dubbed CookieMiner due to its capability of stealing cookies-related to cryptocurrency exchanges, the malware has specifically been designed to target Mac users and is believed to be based on DarthMiner, another Mac malware that was detected in December last year. Uncovered by Palo Alto Networks' Unit 42 security research team, CookieMiner also covertly installs coin mining software onto the infected Mac machines to secretly mine for additional cryptocurrency by consuming the targeted Mac's system resources. In the case of CookieMiner, the software is apparently geared toward mining "Koto," a lesser-known, privacy-oriented cryptocurrency which is mostly used in Japan. However, the most interesting capabilities of the new Mac malware is to steal: Both Google Chro
New Malware Combines Ransomware, Coin Mining and Botnet Features in One

New Malware Combines Ransomware, Coin Mining and Botnet Features in One

Sep 19, 2018
Windows and Linux users need to beware, as an all-in-one, destructive malware strain has been discovered in the wild that features multiple malware capabilities including ransomware, cryptocurrency miner, botnet, and self-propagating worm targeting Linux and Windows systems. Dubbed XBash, the new malware, believed to be tied to the Iron Group, a.k.a. Rocke—the Chinese speaking APT threat actors group known for previous cyber attacks involving ransomware and cryptocurrency miners . According to the researchers from security vendor Palo Alto Networks, who uncovered the malware, XBash is an all-in-one malware that features ransomware and cryptocurrency mining capabilities, as well as worm-like ability similar to WannaCry or Petya/ NotPetya . In addition to self-propagating capabilities, XBash also contains a functionality, which is not yet implemented, that could allow the malware to spread quickly within an organization's network. Developed in Python, XBash hunts for vul
How to Get Going with CTEM When You Don't Know Where to Start

How to Get Going with CTEM When You Don't Know Where to Start

Oct 04, 2024Vulnerability Management / Security Posture
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities - before they can be exploited by attackers.  On paper, CTEM sounds great . But where the rubber meets the road – especially for CTEM neophytes - implementing CTEM can seem overwhelming. The process of putting CTEM principles into practice can look prohibitively complex at first. However, with the right tools and a clear understanding of each stage, CTEM can be an effective method for strengthening your organization's security posture.  That's why I've put together a step-by-step guide on which tools to use for which stage. Want to learn more? Read on… Stage 1: Scoping  When you're defin
Hackers Infect Over 200,000 MikroTik Routers With Crypto Mining Malware

Hackers Infect Over 200,000 MikroTik Routers With Crypto Mining Malware

Aug 03, 2018
Security researchers have discovered at least three massive malware campaigns exploiting hundreds of thousands of unpatched MikroTik routers to secretly install cryptocurrency miners on computers connected to them. In all, the malware campaigns have compromised more than 210,000 routers from Latvian network hardware provider Mikrotik across the world, with the number still increasing as of writing. The hackers have been exploiting a known vulnerability in the Winbox component of MikroTik routers that was discovered in April this year and patched within a day of its discovery, which once again shows people's carelessness in applying security patches on time. The security flaw can potentially allow an attacker to gain unauthenticated, remote administrative access to any vulnerable MikroTik router. The first campaign, noticed by Trustwave researchers, began with targeting networking devices in Brazil, where a hacker or a group of hackers compromised more than 183,700 Mikro
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
Google Bans Cryptocurrency Mining Android Apps From the Play Store

Google Bans Cryptocurrency Mining Android Apps From the Play Store

Jul 27, 2018
Following Apple's lead in banning cryptocurrency mining apps , Google has also updated its Play Store policy this week to ban apps that mine cryptocurrencies on users' devices in the background. However, there are countless cryptocurrency mining apps, including MinerGate, AA Miner, NeoNeonMiner, and Crypto Miner, still available on the Play Store. Cryptocurrency mining is not a new concept, but the technology has recently been abused in the past year after hackers found it a great way to make millions of dollars by hijacking PCs to secretly mine cryptocurrency in the background without their users' knowledge or consent. Due to this practice, cryptocurrency mining has emerged as one of the biggest threats , raising negative sentiments towards this alternative revenue scheme, and big tech giants like Apple and Google took strict measures to put restrictions on such apps. Over a month ago, Apple updated its App Store guidelines to ban cryptocurrency mining apps and
New Virus Decides If Your Computer Good for Mining or Ransomware

New Virus Decides If Your Computer Good for Mining or Ransomware

Jul 05, 2018
Security researchers have discovered an interesting piece of malware that infects systems with either a cryptocurrency miner or ransomware, depending upon their configurations to decide which of the two schemes could be more profitable. While ransomware is a type of malware that locks your computer and prevents you from accessing the encrypted data until you pay a ransom to get the decryption key required to decrypt your files, cryptocurrency miners utilize infected system's CPU power to mine digital currencies . Both ransomware and cryptocurrency mining-based attacks have been the top threats so far this year and share many similarities such as both are non-sophisticated attacks, carried out for money against non-targeted users, and involve digital currency. However, since locking a computer for ransom doesn't always guarantee a payback in case victims have nothing essential to losing, in past months cybercriminals have shifted more towards fraudulent cryptocurrency
TRON Cryptocurrency Founder Buys BitTorrent, µTorrent for $140 Million

TRON Cryptocurrency Founder Buys BitTorrent, µTorrent for $140 Million

Jun 19, 2018
BitTorrent, the company which owns the popular file-sharing client uTorrent, has quietly been sold for $140 million in cash to Justin Sun, the founder of blockchain-focused startup TRON. TRON is a decentralized entertainment and content-sharing platform that uses blockchain and distributed storage technology. It allows users to publish content without having to use third-party platforms such as YouTube or Facebook, and trades in Tronix (TRX) cryptocurrency. Since BitTorrent is one of the most recognizable brands in the world for decentralized computing and peer-to-peer (P2P) networking, and TRON aims to establish a truly decentralized Internet, BitTorrent would be of great use for Sun to help achieve that goal. There were reports that the two were in negotiations for at least a month, and just yesterday, Variety reported that BitTorrent Inc. was sold to Sun last week, but the report did not disclose the deal price. Now, TechCrunch is reporting that TRON's founder has
Apple Bans Cryptocurrency Mining Apps From Its App Stores

Apple Bans Cryptocurrency Mining Apps From Its App Stores

Jun 12, 2018
Due to the surge in cryptocurrency prices, not only hackers but also legitimate websites and mobile apps are increasingly using cryptocurrency miners to monetize by levying the CPU power of your PC and phones to mine cryptocurrencies. However, Apple wants to protect your Mac and iPhone battery from shady cryptocurrency mining apps, and therefore, the company has put restrictions on such apps by disallowing them in its official App Store. The company has updated the Hardware Compatibility section of its App Store guidelines, which now explicitly restrict iOS and Mac apps and ads from mining cryptocurrency in the background. "Apps, including any third party advertisements displayed with them, may not run unrelated background processes, such as cryptocurrency mining," the updated guidelines read. The update reportedly occurred last week, possibly in response to popular Mac app Calendar 2 that bundled a Monero (XMR) miner in with its premium upgrade that unlocked &
Microsoft Adds Support for JavaScript in Excel—What Could Possibly Go Wrong?

Microsoft Adds Support for JavaScript in Excel—What Could Possibly Go Wrong?

May 09, 2018
Shortly after Microsoft announced support for custom JavaScript functions in Excel, someone demonstrated what could possibly go wrong if this feature is abused for malicious purposes. As promised last year at Microsoft's Ignite 2017 conference, the company has now brought custom JavaScript functions to Excel to extend its capabilities for better work with data. Functions are written in JavaScript for Excel spreadsheets currently runs on various platforms, including Windows, macOS, and Excel Online, allowing developers to create their own powerful formulae. But we saw it coming: Security researcher Charles Dardaman leveraged this feature to show how easy it is to embed the infamous in-browser cryptocurrency mining script from CoinHive inside an MS Excel spreadsheet and run it in the background when opened. "In order to run Coinhive in Excel, I followed Microsoft's official documentation and just added my own function," Dardaman said . Here is an official doc
A New Cryptocurrency Mining Virus is Spreading Through Facebook

A New Cryptocurrency Mining Virus is Spreading Through Facebook

May 01, 2018
If you receive a link for a video, even if it looks exciting, sent by someone (or your friend) on Facebook messenger—just don't click on it without taking a second thought. Cybersecurity researchers from Trend Micro are warning users of a malicious Chrome extension which is spreading through Facebook Messenger and targeting users of cryptocurrency trading platforms to steal their accounts' credentials. Dubbed FacexWorm , the attack technique used by the malicious extension first emerged in August last year, but researchers noticed the malware re-packed a few new malicious capabilities earlier this month. New capabilities include stealing account credentials from websites, like Google and cryptocurrency sites, redirecting victims to cryptocurrency scams, injecting miners on the web page for mining cryptocurrency, and redirecting victims to the attacker's referral link for cryptocurrency-related referral programs. It is not the first malware to abuse Facebook Messenger
Google Bans Cryptocurrency Mining Extensions From Chrome Web Store

Google Bans Cryptocurrency Mining Extensions From Chrome Web Store

Apr 03, 2018
In an effort to prevent cryptojacking by extensions that maliciously mine digital currencies without users' awareness, Google has implemented a new Web Store policy that bans any Chrome extension submitted to the Web Store that mines cryptocurrency. Over the past few months, we have seen a sudden rise in malicious extensions that appear to offer useful functionality, while embedding hidden cryptocurrency mining scripts that run in the background without the user's knowledge. Last month, cryptocurrency miners were even found in a Russian nuclear weapons lab and on thousands of government websites . In January, cryptocurrency mining malware also infected more than half-million PCs . Until now, only those cryptocurrency mining extensions were allowed on the Chrome Web Store that are solely intended for mining, and explicitly informed users about its working and revenue model. If the company finds any mining extension developers submitted was not in compliance and secre
Mac Software Mines Cryptocurrency in Exchange for Free Access to Premium Account

Mac Software Mines Cryptocurrency in Exchange for Free Access to Premium Account

Mar 13, 2018
Nothing comes for free, especially online. Would you be okay with allowing a few paid services to mine cryptocurrencies using your system instead of paying the subscription fee? Most free websites and services often rely on advertising revenue to survive, but now there is a new way to make money—using customers' computer to generate virtual currencies. It was found that a scheduling app, dubbed Calendar 2, was embracing cryptocurrency mining in exchange for free access to its app premium features, but the developer has to take it down from the Apple App Store following reports that it's not working as intended. Cryptocurrency mining is not a new concept, but the technology has recently exploded after hackers found it a great way to make millions of dollars by hijacking computers to secretly perform cryptocurrency mining in the background without users' knowledge or consent. Due to this cryptocurrency mining has emerged as one of the biggest threats in recent mon
New Cryptocurrency Mining Malware Infected Over 500,000 PCs in Just Few Hours

New Cryptocurrency Mining Malware Infected Over 500,000 PCs in Just Few Hours

Mar 08, 2018
Two days ago, Microsoft encountered a rapidly spreading cryptocurrency-mining malware that infected almost 500,000 computers within just 12 hours and successfully blocked it to a large extent. Dubbed Dofoil , aka Smoke Loader , the malware was found dropping a cryptocurrency miner program as payload on infected Windows computers that mines Electroneum coins, yet another cryptocurrency, for attackers using victims' CPUs. On March 6, Windows Defender suddenly detected more than 80,000 instances of several variants of Dofoil that raised the alarm at Microsoft Windows Defender research department, and within the next 12 hours, over 400,000 instances were recorded. The research team found that all these instances, rapidly spreading across Russia, Turkey, and Ukraine, were carrying a digital coin-mining payload, which masqueraded as a legitimate Windows binary to evade detection. However, Microsoft has not mentioned how these instances were delivered to such a massive audienc
Thousands of Government Websites Hacked to Mine Cryptocurrencies

Thousands of Government Websites Hacked to Mine Cryptocurrencies

Feb 12, 2018
There was a time when hackers simply defaced websites to get attention, then they started hijacking them to spread banking trojan and ransomware, and now the trend has shifted towards injecting scripts into sites to mine cryptocurrencies. Thousands of government websites around the world have been found infected with a specific script that secretly forces visitors' computers to mine cryptocurrency for attackers. The cryptocurrency mining script injection found on over 4,000 websites, including those belonging to UK's National Health Service (NHS), the Student Loan Company, and data protection watchdog Information Commissioner's Office (ICO), Queensland legislation, as well as the US government's court system. Users who visited the hacked websites immediately had their computers' processing power hijacked, also known as cryptojacking, to mine cryptocurrency without their knowledge, potentially generating profits for the unknown hacker or group of hackers.
Russian Scientists Arrested for Using Nuclear Weapon Facility to Mine Bitcoins

Russian Scientists Arrested for Using Nuclear Weapon Facility to Mine Bitcoins

Feb 10, 2018
Two days ago when infosec bods claimed to have uncovered what's believed to be the first case of a SCADA network (a water utility) infected with cryptocurrency-mining malware, a batch of journalists accused other authors of making fear-mongering headlines, taunting that the next headline could be about cryptocurrency-miner detected in a nuclear plant. It seems that now they have to run a story themselves with such headlines on their website because Russian Interfax News Agency yesterday reported that several scientists at Russia's top nuclear research facility had been arrested for mining cryptocurrency with "office computing resources." The suspects work as engineers at the Russian Federation Nuclear Center facility—also known as the All-Russian Research Institute of Experimental Physics—which works on developing nuclear weapons. The center is located in Sarov, Sarov is still a restricted area with high security. It is also the birthplace of the Soviet Uni
How to Mitigate the Threat Cryptocurrency Mining Poses to Enterprise Security

How to Mitigate the Threat Cryptocurrency Mining Poses to Enterprise Security

Feb 05, 2018
The growing popularity of Bitcoin and other cryptocurrencies is generating curiosity—and concern—among security specialists. Crypto mining software has been found on user machines, often installed by botnets. Organizations need to understand the risks posed by this software and what actions, if any, should be taken. To better advise our readers, we reached out to the security researchers at Cato Networks. Cato provides a cloud-based SD-WAN that includes FireWall as a Service (FWaaS) . Its research team, Cato Research Labs, maintains the company's Cloud IPS, and today released a list of crypto mining pool addresses that you can use as a blacklist in your firewall. (To download the list, visit this page .) Cato Research Labs determined crypto mining represents a moderate threat to the organization. Immediate disruption of the organization infrastructure or loss of sensitive data is not likely to be a direct outcome of crypto mining. However, there are significant risks of i
Cryptocurrency Mining Malware Infected Over Half-Million PCs Using NSA Exploit

Cryptocurrency Mining Malware Infected Over Half-Million PCs Using NSA Exploit

Feb 01, 2018
2017 was the year of high profile data breaches and ransomware attacks, but from the beginning of this year, we are noticing a faster-paced shift in the cyber threat landscape, as cryptocurrency-related malware is becoming a popular and profitable choice of cyber criminals. Several cybersecurity firms are reporting of new cryptocurrency mining viruses that are being spread using EternalBlue —the same NSA exploit that was leaked by the hacking group Shadow Brokers and responsible for the devastating widespread ransomware threat WannaCry . Researchers from Proofpoint discovered a massive global botnet dubbed "Smominru," a.k.a Ismo, that is using EternalBlue SMB exploit (CVE-2017-0144) to infect Windows computers to secretly mine Monero cryptocurrency, worth millions of dollars, for its master. Active since at least May 2017, Smominru botnet has already infected more than 526,000 Windows computers, most of which are believed to be servers running unpatched versions of Wi
Beware of Cryptocurrency Mining Virus Spreading Through Facebook Messenger

Beware of Cryptocurrency Mining Virus Spreading Through Facebook Messenger

Dec 22, 2017
If you receive a video file ( packed in zip archive ) sent by someone ( or your friends ) on your Facebook messenger — just don't click on it. Researchers from security firm Trend Micro are warning users of a new cryptocurrency mining bot which is spreading through Facebook Messenger and targeting Google Chrome desktop users to take advantage of the recent surge in cryptocurrency prices. Dubbed Digmine , the Monero-cryptocurrency mining bot disguises as a non-embedded video file, under the name "video_xxxx.zip" (as shown in the screenshot), but is actually contains an AutoIt executable script. Once clicked, the malware infects victim's computer and downloads its components and related configuration files from a remote command-and-control (C&C) server. Digimine primarily installs a cryptocurrency miner, i.e.  miner.exe—a modified version of an open-source Monero miner known as XMRig —which silently mines the Monero cryptocurrency in the background for h
Greedy North Korean Hackers Targeting Cryptocurrencies and Point-of-Sale Terminals

Greedy North Korean Hackers Targeting Cryptocurrencies and Point-of-Sale Terminals

Dec 20, 2017
The North Korean hacking group has turned greedy. Security researchers have uncovered a new widespread malware campaign targeting cryptocurrency users, believed to be originated from Lazarus Group , a state-sponsored hacking group linked to the North Korean government. Active since 2009, Lazarus Group has been attributed to many high profile attacks, including Sony Pictures Hack , $81 million heists from the Bangladesh Bank , and the latest — WannaCry . The United States has officially blamed North Korea for global WannaCry ransomware attack that infected hundreds of thousands of computers across more than 150 countries earlier this year. In separate news, security experts have blamed Lazarus group for stealing bitcoins worth millions from the South Korean exchange Youbit , forcing it to shut down and file for bankruptcy after losing 17% of its assets. Researchers from security firm Proofpoint have published a new report, revealing a connection between Lazarus Group and a
Expert Insights / Articles Videos
Cybersecurity Resources