Search results for bitcoin malware | Breaking Cybersecurity News | The Hacker News

The increasing public attention of Bitcoin did not go unnoticed by Cyber Criminals who have begun unleashing Bitcoin Mining malware. Security researchers at Malwarebytes warned about a new malware threat, in which Bitcoin Miners are bundled with third party potentially unwanted programs (PUPs) that come bundled with legitimate applications. Malware allow cybercriminals to utilize systems' computing resources for their own gain. " This type of system hijacking is just another way for advertising based software to exploit a user into getting even more cash. " The malware is found to be using ' jhProtominer ' a popular mining software that runs via the command line, to abuse the CPUs and GPUs of infected computers to generate Bitcoins. Upon further investigation Malwarebytes found that the parent of the Bitcoin miner was " monitor.exe ", a part of YourFreeProxy application, which " beacons out constantly, waiting for commands from a remote server, eventually downlo...

Researchers from Kaspersky Lab have discovered a new spam message campaign being transmitted via Skype contains malware capable of using an infected computer to mine for Bitcoins. The malware, identified as Trojan.Win32.Jorik.IRCbot.xkt . Bitcoin is a non-governmental, fully-digital currency based on an open-source and peer-to-peer internet protocol. Cybercriminals have figured out that distributed Bitcoin mining is a perfect task for botnets and have started developing malware that can abuse the CPUs and GPUs of infected computers to generate Bitcoins. " Bitcoin mining is the process of making computer hardware do mathematical calculations for the Bitcoin network to confirm transactions and increase security, " Victims are encouraged to install malware file that is included with messages like " this my favourite picture of you ". Those who click the links, infected with a virus dropper downloaded from a server in India. If the malicious file is ins...

Till now we all have heard about the Ransomware malware that encrypts your files or lock down your computer and ask for a ransom amount to be paid in a specified duration of time to unlock it. Emsisoft has detected a new piece of malware called " Linkup ", dubbed as " Trojan-Ransom.Win32.Linkup " that doesn't lock your computer or encrypts files; rather it blocks your Internet access by modifying the DNS settings, with the ability to turn your computer into a Bitcoin mining robot.  Sounds Interesting?? Once the Linkup Trojan is installed in your system, it makes a copy of itself and disables the selected Windows Security and Firewall services to facilitate the infection. Injected poisoned DNS Server will only allow the malware and Bitcoin miner to communicate with the internet. It display a bogus notification on the victim's web browser, which is supposed to be from the Council of Europe , that accuses you of viewing " Child Pornography " and only returns th...

If you receive a link for a video, even if it looks exciting, sent by someone (or your friend) on Facebook messenger—just don't click on it without taking a second thought. Cybersecurity researchers from Trend Micro are warning users of a malicious Chrome extension which is spreading through Facebook Messenger and targeting users of cryptocurrency trading platforms to steal their accounts' credentials. Dubbed FacexWorm , the attack technique used by the malicious extension first emerged in August last year, but researchers noticed the malware re-packed a few new malicious capabilities earlier this month. New capabilities include stealing account credentials from websites, like Google and cryptocurrency sites, redirecting victims to cryptocurrency scams, injecting miners on the web page for mining cryptocurrency, and redirecting victims to the attacker's referral link for cryptocurrency-related referral programs. It is not the first malware to abuse Facebook Messenger...

A new ransomware family has been found targeting Linux-based Network Attached Storage (NAS) devices made by Taiwan-based QNAP Systems and holding users' important data hostage until a ransom is paid, researchers told The Hacker News. Ideal for home and small business, NAS devices are dedicated file storage units connected to a network or through the Internet, which allow users to store and share their data and backups with multiple computers. Independently discovered by researchers at two separate security firms, Intezer and Anomali, the new ransomware family targets poorly protected or vulnerable QNAP NAS servers either by brute forcing weak SSH credentials or exploiting known vulnerabilities. Dubbed " QNAPCrypt " by Intezer and " eCh0raix " by Anomali, the new ransomware is written in the Go programming language and encrypts files with targeted extensions using AES encryption and appends .encrypt extension to each. However, if a compromised NAS devic...

This News will blow everyone's mind! If you are a bitcoins holder then you might be aware of  MtGox , Once the World's biggest Bitcoin exchange .  MtGox  filed for bankruptcy last month after saying it lost some 8,50,000 Bitcoins to hackers and suddenly went dark with no explanations. A few days ago, some unknown hacker breached into the personal blog and Reddit account of MTgox CEO,  Mark Karpeles  to level charges of fraud. But, Hackers are very clever to avail every eventuality they get. After compromising the MtGox CEO's blog, the hacker posted a 716MB ZIP file, MtGox2014Leak.zip , which contains the data dump and specialized software tools for remote access to MtGox data, but these software tools turned out to be a Bitcoin wallet stealing malware , according to the research carried out by the Kaspersky Lab Expert , Sergey Lozhkin. The application was actually a malware, which was created to search and steal Bitcoin wallet files fr...

The Security Software company Malwarebytes has discovered a malicious scam spreading through rogue tweets by a number of fake Twitter accounts with a link to a story that says the United States Government is trying to ban cryptocurrency Bitcoin. " The majority of the accounts pushing these things are clearly fake, using gathered Twitter handles to launch the barrage of malicious spam at the Twitterverse, " wrote Adam Kujawa of Malwarebytes in a blog post on Thursday. In most cases, cybercriminals use to spread the malicious software via an email, but distribution of malware through social media is relatively new tantrum of cyber criminals, as more people are fond of social media platforms now a days. Adam discovered the scam and according to him the worst part of this new Twitter scam is that even without realizing the impact of this fake news, other Twitter users are retweeting from their accounts, making the malware scam more worse. The tweets contain links lead...

Security researchers have discovered an interesting piece of malware that infects systems with either a cryptocurrency miner or ransomware, depending upon their configurations to decide which of the two schemes could be more profitable. While ransomware is a type of malware that locks your computer and prevents you from accessing the encrypted data until you pay a ransom to get the decryption key required to decrypt your files, cryptocurrency miners utilize infected system's CPU power to mine digital currencies . Both ransomware and cryptocurrency mining-based attacks have been the top threats so far this year and share many similarities such as both are non-sophisticated attacks, carried out for money against non-targeted users, and involve digital currency. However, since locking a computer for ransom doesn't always guarantee a payback in case victims have nothing essential to losing, in past months cybercriminals have shifted more towards fraudulent cryptocurrency ...

Are you the one of the Digital Currency Holder? PONY is after You.  A Group of cyber criminals has used hundreds of thousands of infected computers of the digital currency holders to filch approximately $220,000 worth of Bitcoins and other virtual currencies. The researchers at the security firm, Trustwave have uncovered the Bitcoin Heist that was accomplished by the computers infected with a new class of malware that has been dubbed as ' Pony ', a very powerful type of Spying Keylogger Malware with very dangerous features that was last time found two months ago. Pony, for those who have not yet heard about it, is a bot controller much like any other, with the capability to capture all kinds of confidential information and access passwords. It contains a control panel, user management, logging features, a database to manage all the data and, of course, the statistics. It can see the passwords and login credentials of infected users when they access applications ...

Google always bound to face trouble over the wide and open nature of its app checking policies on Google Play Store, and despite so many security measures, the search engine giant mostly fails to recognize the Android malware that are lurking around its Google Play store in vast numbers. Recently, Google had offered users refund and additional credit of $5 for the bogus antivirus app ' Virus Sheild ' that potentially defrauded more than 10,000 Android users who have downloaded the app from the Google play store. The step taken by Google is really appreciated, as the refunding cost Google around $269,000. Now, it has been found that a number of malicious Android apps on the Google Play store secretly turn users' android devices into small rigs contributing to a large-scale crypto currency mining operation. CRYPTO MINER IN ANDROID APP Security researchers from an anti-malware firm Lookout have identified various malware apps at Google Play Store, which they dub...

The TorRAT malware was first appeared in 2012 as spying tool only. But from August 2012, Bitcoin Mining feature was added and it became a powerful hacking tool that was commonly associated with attacks on Financial institutions. ab This year TorRat Malware targeted two out of three major Banks in the Netherlands and the  criminals stole over Million Dollars from user' Banking Accounts. The Dutch  police has arrested four men from Alkmaar, Haarlem, Woubrugge and Roden on last Monday, who are suspected of involvement in the large scale digital fraud and money laundering case using TorRat Malware. Using Spear Phishing techniques, gang  targeted the victims to access their computers and the Financial accounts. The gang used anonymous VPN services, Bitcoins, TorMail and the Tor network itself to remain anonymous. Malware is also capable of manipulating the information during online banking , can secretly add new payment orders and also abl...

Here we are with our weekly roundup, briefing this week's top cybersecurity threats, incidents, and challenges, just in case you missed any of them. Last week has been very short with big news from the theft of over 4,700 Bitcoins from the largest cryptocurrency mining marketplace to the discovery of a new malware evasion technique that works on all versions of Microsoft's Windows operating system. Besides this, the newly discovered Janus vulnerability in the Android operating system and a critical remote code execution (RCE) vulnerability in Malware Protection Engine (MPE) for which Microsoft released an emergency patch made their places in our weekly roundup. I recommend you to read the entire news (just click 'Read More' because there's some valuable advice in there as well). So, here we go with the list of this Week's Top Stories: Process Doppelgänging: New Malware Evasion Technique A team of researchers, who previously discovered AtomBombing...

As it was speculated that the author of LuminosityLink RAT was arrested last year, a plea agreement made available to the public today confirmed the news. Back in September last year, Europol's European Cybercrime Centre (EC3) and National Crime Agency began the crackdown on the LuminosityLink RAT, targeting sellers and users of the malware, which resulted in the seizure of a considerable number of computers and internet accounts across the world, and complete takedown of the threat. Colton Grubbs , a 21-year-old man from Kentucky, the developer of the LumunosityLink RAT has pleaded guilty to federal charges of creating, selling and providing technical support for the malware to his customers, who used it to gain unauthorized access to thousands of computers across 78 countries worldwide. First surfaced in April 2015, the LuminosityLink RAT (Remote Access Trojan), also known as Luminosity, was a hacking tool that was sold for $40, marketing itself as a legitimate tool for Wi...

The popularity of Brazil's  PIX  instant payment system has made it a  lucrative target for threat actors  looking to generate illicit profits using a new malware called GoPIX . Kaspersky, which has been tracking the active campaign since December 2022, said the attacks are pulled off  using malicious ads  that are served when potential victims search for "WhatsApp web" on search engines. "The cybercriminals employ malvertising: their links are placed in the ad section of the search results, so the user sees them first," the Russian cybersecurity vendor  said . "If they click such a link, a redirection follows, with the user ending up on the malware landing page." As other malvertising campaigns observed recently, users who click on the ad will be redirected via a cloaking service that is meant to filter sandboxes, bots, and others not deemed to be genuine victims. This is accomplished by using a legitimate fraud prevention solution known as ...

Cryptocurrency users are being targeted with a new clipper malware strain dubbed  Laplas  by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other  commodity trojans  like  SystemBC  and  Raccoon Stealer 2.0 , according to an  analysis  from Cyble. Observed in the wild since circa 2013,  SmokeLoader  functions as a generic loader capable of distributing additional payloads onto compromised systems, such as information-stealing malware and other implants. In July 2022, it was found to deploy a backdoor called  Amadey . Cyble said it discovered over 180 samples of the Laplas since October 24, 2022, suggesting a wide deployment. Clippers, also called ClipBankers, fall under a category of malware that Microsoft calls  cryware , which are designed to steal crypto by keeping close tabs on a vic...

Cybersecurity researchers on Tuesday detailed as many as four different families of Brazilian banking trojans that have targeted financial institutions in Brazil, Latin America, and Europe. Collectively called the "Tetrade" by Kaspersky researchers, the malware families — comprising Guildma, Javali, Melcoz, and Grandoreiro — have evolved their capabilities to function as a backdoor and adopt a variety of obfuscation techniques to hide its malicious activities from security software. "Guildma, Javali, Melcoz and Grandoreiro are examples of yet another Brazilian banking group/operation that has decided to expand its attacks abroad, targeting banks in other countries," Kaspersky said in an analysis . "They benefit from the fact that many banks operating in Brazil also have operations elsewhere in Latin America and Europe, making it easy to extend their attacks against customers of these financial institutions." A Multi-Stage Malware Deployment Process...