#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

mining software | Breaking Cybersecurity News | The Hacker News

Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems

Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems

Aug 15, 2022
A now-removed rogue package pushed to the official third-party software repository for Python has been found to deploy cryptominers on Linux systems. The module, named " secretslib " and  downloaded 93 times  prior to its deletion, was released to the Python Package Index (PyPI) on August 6, 2022 and is described as "secrets matching and verification made easy." "On a closer inspection though, the package covertly runs cryptominers on your Linux machine in-memory (directly from your RAM), a technique largely employed by fileless malware and crypters," Sonatype researcher Ax Sharma  disclosed  in a report last week. It achieves this by executing a Linux executable file retrieved from a remote server post installation, whose main task is to drop an  ELF  file (" memfd ") directly in memory that functions as a Monero cryptominer, after which it gets deleted by the "secretslib" package. "The malicious activity leaves little to n
Over 1,200 NPM Packages Found Involved in "CuteBoi" Cryptomining Campaign

Over 1,200 NPM Packages Found Involved in "CuteBoi" Cryptomining Campaign

Jul 07, 2022
Researchers have disclosed what they say could be an attempt to kick-off a new large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. The malicious activity, attributed to a software supply chain threat actor dubbed  CuteBoi , involves an array of 1,283 rogue modules that were published in an automated fashion from over 1,000 different user accounts. "This was done using automation which includes the ability to pass the NPM 2FA challenge," Israeli application security testing company Checkmarx  said . "This cluster of packages seems to be a part of an attacker experimenting at this point." All the released packages in question are said to harbor near-identical source code from an already existing package named eazyminer that's used to mine Monero by means of utilizing unused resources on web servers. One notable modification entails the URL to which the mined cryptocurrency should be sent, although installing the rogue
CTEM 101 - Go Beyond Vulnerability Management with Continuous Threat Exposure Management

CTEM 101 - Go Beyond Vulnerability Management with Continuous Threat Exposure Management

Mar 12, 2024CTEM / Vulnerability Management
In a world of ever-expanding jargon, adding another FLA (Four-Letter Acronym) to your glossary might seem like the last thing you'd want to do. But if you are looking for ways to continuously reduce risk across your environment while making significant and consistent improvements to security posture, in our opinion, you probably want to consider establishing a  Continuous Threat Exposure Management (CTEM)  program.  CTEM is an approach to cyber risk management that combines attack simulation, risk prioritization, and remediation guidance in one coordinated process. The term Continuous Threat Exposure Management first appeared in the Gartner ® report, Implement a Continuous Threat Exposure Management Program (CTEM) (Gartner, 21 July 2022,). Since then, we have seen that organizations across the globe are seeing the benefits of this integrated, continual approach. Webinar: Why and How to Adopt the CTEM Framework XM Cyber is hosting a webinar featuring Gartner VP Analyst Pete Shoa
Hackers Exploiting Microsoft Servers to Mine Monero - Makes $63,000 In 3 Months

Hackers Exploiting Microsoft Servers to Mine Monero - Makes $63,000 In 3 Months

Sep 28, 2017
Mining cryptocurrencies can be a costly investment as it takes a monstrous amount of computing power, and thus hackers have started using malware that steals computing resources of computers it hijacks to make lots of dollars in digital currency. Security researchers at security firm ESET have spotted one such malware that infected hundreds of Windows web servers with a malicious cryptocurrency miner and helped cybercriminals made more than $63,000 worth of Monero (XMR) in just three months. According to a report published by ESET today, cybercriminals only made modifications to legitimate open source Monero mining software and exploited a known vulnerability in Microsoft IIS 6.0 to secretly install the miner on unpatched Windows servers. Although ESET's investigation does not identify the attackers, it reports that the attackers have been infecting unpatched Windows web servers with the cryptocurrency miner since at least May 2017 to mine 'Monero,' a Bitcoin-like
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
Cybersecurity Resources