Connect with us

Security

Smominru Malware Hijacked Half-Million PCs to To Mine Monero

M. Ali

Published

2 months ago

on

Over half million Windows based PCs have been infected with Smominru malware that installs a custom version of XMRig is to mine Monero. This was revealed in a recent report that was published recently by Carbon Black Security.

Smominru also steals information from vulnerable targets ( including external IP addresses, internal IP addresses, domain information, usernames and passwords) and send it over to a command and control server (C&C or C2) owned by Smominru’s operators. Access to the hacked systems are being sold on Dark Web at a rate of $6.75 each.

Smominru operators are using different techniques to infect machines. They mainly rely on the use of the EternalBlue (CVE-2017-0144) exploit, but they’ve also deployed EsteemAudit (CVE-2017-0176), both aimed at taking over machines running unpatched Windows OS.

Smominru is not a new malware, it has been around for almost three years now. Last year, Smominru made around $2.3 million for it’s operators (source).

Related Topics:
M. Ali

Daily cryptocurrency trader, miner, technology enthusiast and a full time IT consultant.

Continue Reading
Advertisement
Comments

Bitcoin

A Backdoored Tor Browser is Being Used to Steal Bitcoin From Tor Users

June G. Bauer

Published

8 hours ago

on

October 18, 2019

By

Tor-Browser-Backdoor

A trojanized version of the Tor Browser is currently targeting Russian users to steal their Bitcoin funds. This was discovered by ESET security researchers.

When victims try make any Bitcoin transactions, the Backdoored Tor browser will automatically replace the original destination address with another address controlled by criminals.

The attackers are promoting their trojanized version of the Tor Browser through posting spam message on some popular Russian cryptocurrency websites to encourage victims to download and use the infected browser. Two domain names are used to distrubute the infected browser tor-browser[.]org and torproect[.]org

At the moment of publishing, the cryptocurrency wallets controlled by the attackers received 863 transactions worth of $40,000 in Bitcoin cryptocurrency.

Example of spam message promoting tor-browser[.]org . Image credit: welivesecurity.com

Continue Reading

Bitcoin

Malicious WordPress Plugins Used to Mine Cryptocurrencies

June G. Bauer

Published

11 hours ago

on

October 18, 2019

By

WordPress Plugins Used to Mine Cryptocurrencies

Security researchers at Sucuri have discovered a number of fake and malicious WordPress plugins that are being used not just to maintain access on the compromised websites but also to mine cryptocurrencies.

WPframework is a commonly used WordPress malicious plugin that hides itself to be a legitimate plugin, but its a PHP backdoor that will allow attackers to maintain their access even after the initial infection vector has been cleaned up.

The plugin will download Linux executable binary files to mine cryptocurrencies in the background.

What is WordPress?

WordPress is a widely used open source content management system (CMS) written in PHP with back-end MySQL database. WordPress is considered to be the easiest and most powerful blogging and website content management system in existence today. Right now, there are around 75,000,000 websites are using WordPress.

Continue Reading

Altcoins

A Major European Airport Hit By a Monero Mining Malware

M. Ali

Published

17 hours ago

on

October 18, 2019

By

Monero-Mining-Malware

Unnamed major European airport was hit by a Monero mining malware that infected more than half of the airport’s workstations to secretly mine Monero cryptocurrency.

Cyberbit, a cyber security firm revealed in a blog post that the malware mining attack was discovered by Cyberbit’s Endpoint Detection and Response team while deploying their security solution that detected suspicious activity on some airport systems.

The malware used Reflective Dynamic-Link Library (DLL) loading to inject malicious DLLs into a host process running in memory without using the Windows loader and completely bypassing the infected systems’ hard drives.

The malware installed xmrig Monero miner to stealthy mine cryptocurrency on the infected machines.

Continue Reading

Popular