Latest CryptoMiner news

GhostEngine mining attacks kill EDR security using vulnerable drivers

A malicious crypto mining campaign codenamed 'REF4578,' has been discovered deploying a malicious payload named GhostEngine that uses vulnerable drivers to turn off security products and deploy an XMRig miner.
- Bill Toulas
- May 21, 2024
- 06:30 PM
- 0
Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks

In an ongoing Kubernetes cryptomining campaign, attackers target OpenMetadata workloads using critical remote code execution and authentication vulnerabilities.
- Sergiu Gatlan
- April 17, 2024
- 05:01 PM
- 0
Crypto miner arrested for skipping on $3.5 million in cloud server bills

The U.S. Department of Justice has announced the arrest and indictment of Charles O. Parks III, known as "CP3O," for allegedly renting large numbers of cloud servers to conduct crypto mining and then skipping out on paying the bills.
- Bill Toulas
- April 15, 2024
- 02:10 PM
- 3
RUBYCARP hackers linked to 10-year-old cryptomining botnet

A Romanian botnet group named 'RUBYCARP' is leveraging known vulnerabilities and performing brute force attacks to breach corporate networks and compromise servers for financial gain.
- Bill Toulas
- April 09, 2024
- 11:30 AM
- 0
Hackers exploit Ray framework flaw to breach servers, hijack resources

A new hacking campaign dubbed "ShadowRay" targets an unpatched vulnerability in Ray, a popular open-source AI framework, to hijack computing power and leak sensitive data from thousands of companies.
- Bill Toulas
- March 26, 2024
- 02:51 PM
- 0
Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware

Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts.
- Ionut Ilascu
- March 06, 2024
- 07:09 AM
- 0
StripedFly malware framework infects 1 million Windows, Linux hosts

A sophisticated cross-platform malware platform named StripedFly flew under the radar of cybersecurity researchers for five years, infecting over a million Windows and Linux systems during that time.
- Bill Toulas
- October 26, 2023
- 10:47 AM
- 2
Windows cryptomining attacks target graphic designer's high-powered GPUs

Cybercriminals are leveraging a legitimate Windows tool called 'Advanced Installer' to infect the computers of graphic designers with cryptocurrency miners.
- Bill Toulas
- September 07, 2023
- 11:46 AM
- 0
Kubernetes RBAC abused to create persistent cluster backdoors

Hackers use a novel method involving RBAC (Role-Based Access Control) to create persistent backdoor accounts on Kubernetes clusters and hijack their resources for Monero crypto-mining.
- Bill Toulas
- April 21, 2023
- 11:35 AM
- 0
Pirated Final Cut Pro infects your Mac with cryptomining malware

Security researchers discovered a cryptomining operation targeting macOS with a malicious version of Final Cut Pro that remains largely undetected by antivirus engines.
- Bill Toulas
- February 23, 2023
- 01:34 PM
- 0
Microsoft Exchange ProxyShell flaws exploited in new crypto-mining attack

A new malware dubbed 'ProxyShellMiner' exploits the Microsoft Exchange ProxyShell vulnerabilities to deploy cryptocurrency miners throughout a Windows domain to generate profit for the attackers.
- Bill Toulas
- February 16, 2023
- 04:03 PM
- 0
NPM packages posing as speed testers install crypto miners instead

A new set of 16 malicious NPM packages are pretending to be internet speed testers but are, in reality, coinminers that hijack the compromised computer's resources to mine cryptocurrency for the threat actors.
- Bill Toulas
- February 14, 2023
- 12:25 PM
- 0
New HeadCrab malware infects 1,200 Redis servers to mine Monero

New stealthy malware designed to hunt down vulnerable Redis servers online has infected over a thousand of them since September 2021 to build a botnet that mines for Monero cryptocurrency.
- Sergiu Gatlan
- February 01, 2023
- 06:56 PM
- 0
Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL

The Kinsing malware is now actively breaching Kubernetes clusters by leveraging known weaknesses in container images and misconfigured, exposed PostgreSQL containers.
- Bill Toulas
- January 09, 2023
- 04:16 PM
- 2
Hackers use CAPTCHA bypass to make 20K GitHub accounts in a month

South African threat actors known as 'Automated Libra' has been improving its techniques to make a profit by using cloud platform resources for cryptocurrency mining.
- Bill Toulas
- January 05, 2023
- 09:00 AM
- 1
Cybersecurity researchers take down DDoS botnet by accident

While analyzing its capabilities, Akamai researchers have accidentally taken down a cryptomining botnet that was also used for distributed denial-of-service (DDoS) attacks.
- Sergiu Gatlan
- November 30, 2022
- 03:12 PM
- 1
Docker Hub repositories hide over 1,650 malicious containers

Over 1,600 publicly available Docker Hub images hide malicious behavior, including cryptocurrency miners, embedded secrets that can be used as backdoors, DNS hijackers, and website redirectors.
- Bill Toulas
- November 24, 2022
- 12:16 PM
- 0
US govt: Iranian hackers breached federal agency using Log4Shell exploit

The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware.
- Sergiu Gatlan
- November 16, 2022
- 11:34 AM
- 1
New Chaos malware infects Windows, Linux devices for DDoS attacks

A quickly expanding botnet called Chaos is targeting and infecting Windows and Linux devices to use them for cryptomining and launching DDoS attacks.
- Sergiu Gatlan
- September 28, 2022
- 11:22 AM
- 1
Cryptominers hijack $53 worth of system resources to earn $1

Security researchers estimate that the financial impact of cryptominers infecting cloud servers costs victims about $53 for every $1 worth of cryptocurrency threat actors mine on hijacked devices.
- Bill Toulas
- September 28, 2022
- 09:00 AM
- 0