We found a threat that scans for open ports and brute forces systems with weak credentials to drop a Monero cryptocurrency miner. While the installation and mining process is hidden by old evasion tool XHide Process Faker, the malware can be used for bigger attacks in the future as both the shellbot and miner can be monetized.
Read More We found a Golang-based spreader being used in a campaign that drops a cryptocurrency miner payload. Trend Micro has been detecting the use of the spreader since May and saw it again in a campaign this month.
Read More
We recently came across evidence of a large-scale cybercrime activity that appears to combine targeted attack tools and regular cybercrime: The attackers distribute typical malware such as cryptocurrency miners and ransomware by making use of sophisticated tools that were previously mostly seen in targeted attacks.
Read More We found cryptocurrency-mining activity that involves the exploitation of the Oracle WebLogic server vulnerability CVE-2019-2725 with the interesting behavior of using certificate files as an obfuscation tactic.
Read More
We discovered a Docker Hub repository that has been sending infected cryptocurrency-mining containers to hubs with publicly exposed APIs. Some of the images within the repository contained a Shodan script that identified potential targets for further distribution.
Read More