• Trend Micro
  • About TrendLabs Security Intelligence Blog

Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload

  • Posted on: September 16, 2019 at 5:10 am
  • Posted in: Malware
  • Author: Trend Micro

Skidmap, a Linux malware that we recently stumbled upon, demonstrates the increasing complexity of recent cryptocurrency-mining threats. This malware is notable because of the way it loads malicious kernel modules to keep its cryptocurrency mining operations under the radar.

These kernel-mode rootkits are not only more difficult to detect than their user-mode counterparts; attackers can also use them to gain unfettered access to the affected system. A case in point: the way Skidmap can also set up a secret master password that gives it access to any user account in the system. Conversely, given that many of Skidmap’s routines require root access, the attack vectors that Skidmap uses (whether through exploits, misconfigurations, or exposure to the internet) are most likely the same ones that provide the attacker root or administrative access to the system.

Tags: cryptocurrency miner, Linux, rootkit, Skidmap

Old Tools for New Money: URL Spreading Shellbot and XMRig Using 17-year-old XHide

  • Posted on: July 19, 2019 at 5:09 am
  • Posted in: Bad Sites, Malware
  • Author: Trend Micro

We found a threat that scans for open ports and brute-forces systems with weak credentials to drop a Monero cryptocurrency miner. While the installation and mining process is hidden by the old evasion tool XHide Process Faker, the malware can be used for bigger attacks in the future, as both the shellbot and miner can be monetized.

Tags: cryptocurrency miner, Monero, shellbot, XHide, XMRig

Golang-based Spreader Used in a Cryptocurrency-Mining Malware Campaign

  • Posted on: June 28, 2019 at 5:01 am
  • Posted in: Exploits, Vulnerabilities
  • Author: Trend Micro

We found a Golang-based spreader being used in a campaign that drops a cryptocurrency miner payload. Trend Micro has been detecting the use of the spreader since May and saw it again in a campaign this month.

Tags: coinminer, cryptocurrency miner, golang

Advanced Targeted Attack Tools Found Being Used to Distribute Cryptocurrency Miners

  • Posted on: June 13, 2019 at 5:09 am
  • Posted in: Malware
  • Author: Trend Micro

We recently came across evidence of large-scale cybercrime activity that appears to combine targeted attack tools and regular cybercrime: the attackers distribute typical malware such as cryptocurrency miners and ransomware by making use of sophisticated tools that were previously seen mostly in targeted attacks.

Tags: cryptocurrency miner, Equation Group, EternalBlue, Shadow Brokers

CVE-2019-2725 Exploited and Certificate Files Used for Obfuscation to Deliver Monero Miner

  • Posted on: June 10, 2019 at 12:15 am
  • Posted in: Malware, Vulnerabilities
  • Author: Trend Micro

We found cryptocurrency-mining activity that involves the exploitation of the Oracle WebLogic server vulnerability CVE-2019-2725 with the interesting behavior of using certificate files as an obfuscation tactic.

Tags: cryptocurrency miner, CVE-2019-2725, Monero, vulnerability