• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   cryptocurrency miner

Cryptocurrency Miner Spreads via Old Vulnerabilities on Elasticsearch
  • Posted on:December 12, 2018 at 1:02 am
  • Posted in:Malware, Vulnerabilities
  • Author:
    Trend Micro
0

We detected mining activity on our honeypot that involves the search engine Elasticsearch, which is a Java-developed search engine based on the Lucene library and released as open-source. The attack was deployed by taking advantage of known vulnerabilities CVE-2015-1427, a vulnerability in its Groovy scripting engine that allows remote attackers to execute arbitrary shell commands through a crafted script, and CVE-2014-3120, a vulnerability in the default configuration of Elasticsearch.

Read More
Tags: cryptocurrency minerElasticsearch

Cryptocurrency-Mining Malware uses Various Evasion Techniques, Including Windows Installer, as Part of its Routine
  • Posted on:November 8, 2018 at 5:00 am
  • Posted in:Malware
  • Author:
    Trend Micro
0

The concept of a stealthy, difficult-to-detect malware operating behind the scenes has proven to be an irresistible proposition for many threat actors, and they’re evidently adding even more techniques, as seen in a cryptocurrency miner (detected as Coinminer.Win32.MALXMR.TIAOODAM) we discovered that uses multiple obfuscation and packing as part of its routine.

Read More
Tags: cryptocurrencycryptocurrency minerWindows InstallerWiX

The Need for Managed Detection and Response: Persistent and Prevalent Threats in North America’s Security Landscape
  • Posted on:July 31, 2018 at 4:59 am
  • Posted in:Malware
  • Author:
    Trend Micro Cyber Safety Solutions Team
0

Current data on the threat landscape of North America shows the need for a comprehensive and proactive approach to security. A traditional approach would be to build a threat response team. However, to be effective against current threats, a threat response team needs to have a considerable amount of skills, time, and resources, which may not be feasible for some organizations. This is only exacerbated by the daily tasks associated with keeping the business up and running. If treated as just a part of the broader job of regular IT staff, threat management can prove overwhelming, as it includes vulnerability assessment, patching, firmware upgrades, vendor management, intrusion detection and prevention systems (IDS/IPS) and firewall monitoring, and other specialized focus areas. And even if enterprises were willing to allot people to react to security incidents, the sheer volume of events and the time-consuming tasks of prioritizing and analyzing them often prove too much to handle.

These could be handled better by security professionals especially focused on threats — an advantage that managed detection and response (MDR) can bring to organizations. MDR provides advanced threat hunting services, faster alert prioritization, root cause analysis, detailed research, and a remediation plan that empowers organizations with better ability to respond to sophisticated attacks, examples of which have been found throughout North America for the second quarter of 2018.

Read More
Tags: cryptocurrency minerinformation stealerManaged Detection and ResponseNorth Americaransomware

New Underminer Exploit Kit Delivers Bootkit and Cryptocurrency-mining Malware with Encrypted TCP Tunnel
  • Posted on:July 26, 2018 at 7:01 am
  • Posted in:Bad Sites, Exploits, Malware, Vulnerabilities
  • Author:
    Trend Micro Cyber Safety Solutions Team
0

We discovered a new exploit kit we named Underminer that employs capabilities used by other exploit kits to deter researchers from tracking its activity or reverse engineering the payloads. Underminer delivers a bootkit that infects the system’s boot sectors as well as a cryptocurrency-mining malware named Hidden Mellifera. Underminer transfers malware via an encrypted transmission control protocol (TCP) tunnel and packages malicious files with a customized format similar to ROM file system format (romfs). These make the exploit kits and its payload challenging to analyze.

Read More
Tags: bootkitcryptocurrency minerexploit kitUnderminer

Drupal Vulnerability (CVE-2018-7602) Exploited to Deliver Monero-Mining Malware
  • Posted on:June 21, 2018 at 5:01 am
  • Posted in:Botnets, Exploits, Malware, Vulnerabilities
  • Author:
    Trend Micro
0

We were able to observe a series of network attacks exploiting CVE-2018-7602, a security flaw in the Drupal content management framework. For now, these attacks aim to turn affected systems into Monero-mining bots. Of note are its ways of hiding behind the Tor network to elude detection and how it checks the affected system first before infecting it with a cryptocurrency-mining malware. While these attacks currently deliver resource-stealing and system performance-slowing malware, the vulnerability can be used as a doorway to other threats.

Read More
Tags: cryptocurrency minerCVE-2018-7602drupalMonero
Page 1 of 412 › »

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Exploring Emotet: Examining Emotet’s Activities, Infrastructure
  • Perl-Based Shellbot Looks to Target Organizations via C&C
  • December Patch Tuesday: Year-End Batch Addresses Win32k Elevation of Privilege and Windows DNS Server Vulnerabilities
  • Fake Banking App Found on Google Play Used in SMiShing Scheme
  • TrickBot’s Bigger Bag of Tricks

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.