monero cryptocurrency | Breaking Cybersecurity News | The Hacker News

Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts. The attackers "use several highly obfuscated and under-development custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer," Trend Micro researchers Aliakbar Zahravi and Peter Girnus  said  in a report this week. Enigma is said to be an altered version of Stealerium, an open source C#-based malware that acts as a stealer, clipper, and keylogger. The intricate infection journey starts with a rogue RAR archive file that's distributed via phishing or social media platforms. It contains two documents, one of which is a .TXT file that includes a set of sample interview questions related to cryptocurrency. The second file is a Microsoft Word document that, while serving as a decoy, is tasked with launching the first-stage Enigma loader,

What an irony — someone hacked the official website of the Monero cryptocurrency project and quietly replaced legitimate Linux and Windows binaries available for download with malicious versions designed to steal funds from users' wallets. The latest supply-chain cyberattack was revealed on Monday after a Monero user spotted that the cryptographic hash for binaries he downloaded from the official site didn't match the hashes listed on it. Following an immediate investigation, the Monero team today also confirmed that its website, GetMonero.com , was indeed compromised, potentially affecting users who downloaded the CLI wallet between Monday 18th 2:30 am UTC and 4:30 pm UTC. At this moment, it's unclear how attackers managed to compromise the Monero website and how many users have been affected and lost their digital funds. According to an analysis of the malicious binaries done by security researcher BartBlaze, attackers modified legitimate binaries to inject

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

Coinhive, a notorious in-browser cryptocurrency mining service popular among cybercriminals, has announced that it will discontinue its services on March 8, 2019. Regular readers of The Hacker News already know how Coinhive's service helped cyber criminals earn hundreds of thousands of dollars by using computers of millions of people visiting hacked websites . For a brief recap: In recent years, cybercriminals leveraged every possible web vulnerability [in Drupal , WordPress , and others ] to hack thousands of websites and wireless routers , and then modified them to secretly inject Coinhive's JavaScript-based Monero (XMR) cryptocurrency mining script on web-pages to financially benefit themselves. Millions of online users who visited those hacked websites immediately had their computers' processing power hijacked, also known as cryptojacking , to mine cryptocurrency without users' knowledge, potentially generating profits for cybercriminals in the background.

Security researchers have been warning about a new malicious campaign that leverages an alternative scheme to mine cryptocurrencies without directly injecting the infamous CoinHive JavaScript into thousands of hacked websites. Coinhive is a popular browser-based service that offers website owners to embed JavaScript code that utilizes their website visitors' CPUs power in order to mine the Monero cryptocurrency for monetization. However, since its inception, mid-2017, cybercriminals have been abusing the service to illegally make money by injecting their own version of CoinHive JavaScript code to a large number of hacked websites, eventually tricking their millions of visitors into unknowingly mine Monero coins. Since a lot of web application security firms and antivirus companies have now updated their products to detect unauthorized injection of CoinHive JavaScript, cybercriminals have now started abusing a different service from CoinHive to achieve the same. Hackers

The Drupal vulnerability (CVE-2018-7600), dubbed Drupalgeddon2 that could allow attackers to completely take over vulnerable websites has now been exploited in the wild to deliver malware backdoors and cryptocurrency miners. Drupalgeddon2, a highly critical remote code execution vulnerability discovered two weeks ago in Drupal content management system software, was recently patched by the company without releasing its technical details. However, just a day after security researchers at Check Point and Dofinity published complete details, a Drupalgeddon2 proof-of-concept (PoC) exploit code was made widely available, and large-scale Internet scanning and exploitation attempts followed. At the time, no incident of targets being hacked was reported, but over the weekend, several security firms noticed that attackers have now started exploiting the vulnerability to install cryptocurrency miner and other malware on vulnerable websites. The SANS Internet Storm Center spotted so

Due to the recent surge in cryptocurrency prices, threat actors are increasingly targeting every platform, including IoT, Android, and Windows, with malware that leverages the CPU power of victims' devices to mine cryptocurrency. Just last month, Kaspersky researchers spotted fake antivirus and porn Android apps infected with malware that mines Monero cryptocurrency, launches DDoS attacks, and performs several other malicious tasks, causing the phone's battery to bulge out of its cover. Now, security researchers at Chinese IT security firm Qihoo 360 Netlab discovered a new piece of wormable Android malware, dubbed ADB.Miner , that scans wide-range of IP addresses to find vulnerable devices and infect them to mine digital cryptocurrency. According to the researchers, ADB.Miner is the first Android worm to reuse the scanning code programmed in Mirai —the infamous IoT botnet malware that knocked major Internet companies offline last year by launching massive DDoS attac

2017 was the year of high profile data breaches and ransomware attacks, but from the beginning of this year, we are noticing a faster-paced shift in the cyber threat landscape, as cryptocurrency-related malware is becoming a popular and profitable choice of cyber criminals. Several cybersecurity firms are reporting of new cryptocurrency mining viruses that are being spread using EternalBlue —the same NSA exploit that was leaked by the hacking group Shadow Brokers and responsible for the devastating widespread ransomware threat WannaCry . Researchers from Proofpoint discovered a massive global botnet dubbed "Smominru," a.k.a Ismo, that is using EternalBlue SMB exploit (CVE-2017-0144) to infect Windows computers to secretly mine Monero cryptocurrency, worth millions of dollars, for its master. Active since at least May 2017, Smominru botnet has already infected more than 526,000 Windows computers, most of which are believed to be servers running unpatched versions of Wi