Crypto-Mining, Banking Trojans Top Malware Threats

By: Kacy Zurkus

Crypto-mining malware has again topped the threat index, with Coinhive holding strong in the number one malware threat for the 13th consecutive month, according to the latest Global Threat Index for December 2018, published by Check Point.

The threat index looks at the most common active malware variants and trends as cyber criminals evolve toward crypto-mining and multipurpose malware.

A second-stage downloader, SmokeLoader, first identified back in 2011, jumped to ninth place on the December top-10 list. “After a surge of activity in the Ukraine and Japan, its global impact grew by 20. SmokeLoader is mainly used to load other malware, such as Trickbot Banker, AZORult Infostealer and Panda Banker,” according to a press release.

“December’s report saw SmokeLoader appearing in the top 10 for the first time. Its sudden surge in prevalence reinforces the growing trend towards damaging, multipurpose malware in the Global Threat Index, with the top 10 divided equally between crypto-miners and malware that uses multiple methods to distribute numerous threats,” said Maya Horowitz, threat intelligence and research group manager at Check Point.

“The diversity of the malware in the Index means that it is critical that enterprises employ a multilayered cybersecurity strategy that protects against both established malware families and brand new threats.”

More:  https://www.infosecurity-magazine.com/news/crypto-mining-banking-trojans-top/

iPhone a Growing Target of Crypto-Mining Attacks

By: Kacy Zurkus

Apple has increasingly been the target of crypto-mining attacks, and according to Check Point, iPhone attacks increased by nearly 400% over the last two weeks in September.

In its most recently published Global Threat Index, Check Point researchers said they are continuing to investigate the reasons behind this sharp increase but reported that crypto-miners continued to be the most common malware in September 2018. Coinhive continued to hold the number-one position, which it has occupied since December 2017.

While Coinhive currently impacts 19% of global organizations, researchers also reported that the information-stealing Trojan Dorkbot held onto second place with a 7% global impact. The report also noted a significant increase in Coinhive attacks against PCs. Attackers used the Coinhive mining malware to target iPhones, which aligned with a rise in attacks against users of the Safari browser, the primary browser on Apple devices.

The mining malware that rivals Coinhive, known as Cryptoloot, ranked third place overall on the Threat Index, making it the second-most prevalent crypto-miner in the index. Differentiating itself from Coinhive, Cryptoloot requests a smaller revenue percentage from websites than its top competitor.

“Crypto-mining continues to be the dominant threat facing organizations globally,” Maya Horowitz, threat intelligence group manager at Check Point, said in a press release. “What is most interesting is the fourfold increase in attacks against iPhones and against devices using the Safari browser during the last two weeks of September. These attacks against Apple devices are not using new functionality, so we are continuing to investigate the possible reasons behind this development.”

More: https://www.infosecurity-magazine.com/news/iphone-a-growing-target-of/

What is cryptojacking? How to prevent, detect, and recover from it

By: Michael Kan

Criminals are using ransomware-like tactics and poisoned websites to get your employees’ computers to mine cryptocurrencies. Here’s what you can do to stop it.

Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads crypto mining code on the computer, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser.

Either way, the crypto mining code then works in the background as unsuspecting victims use their computers normally. The only sign they might notice is slower performance or lags in execution.

Why cryptojacking is on the rise

No one knows for certain how much cryptocurrency is mined through cryptojacking, but there’s no question that the practice is rampant. Browser-based cryptojacking is growing fast. Last November, Adguard reported a 31 percent growth rate for in-browser cryptojacking. Its research found 33,000 websites running crypto mining scripts. Adguard estimated that those sites had a billion combined monthly visitors.

This February, Bad Packets Report found 34,474 sites running Coinhive, the most popular JavaScript miner, which is also used for legitimate crypto mining activity. In July, Check Point Software Technologies reported that four of the top ten malware strains it had found were crypto miners, including the top two: Coinhive and Cryptoloot.

“Crypto mining is in its infancy. There’s a lot of room for growth and evolution,” says Marc Laliberte, threat analyst at network security solutions provider WatchGuard Technologies. He notes that Coinhive is easy to deploy and generated $300 thousand in its first month. “It’s grown quite a bit since then. It’s really easy money.”

In January, researchers discovered the Smominru crypto mining botnet, which infected more than a half-million machines, mostly in Russia, India, and Taiwan. The botnet targeted Windows servers to mine Monero, and cybersecurity firm Proofpoint estimated that it had generated as much as $3.6 million in value as of the end of January.

Crypto-Mining Malware Found on 4000+ Sites

By: sikur

February 12, 2018

Over 4000 websites including several belonging to UK and US government agencies were found over the weekend to be running hidden crypto-mining malware.

Security researcher Scott Helme first investigated the website of the Information Commissioner’s Office (ICO) after a tip-off that AV filters were raising red flags.

“At first the obvious thought is that the ICO were compromised so I immediately started digging into this after firing off a few emails to contact people who may be able to help me with disclosure. I quickly realised though that this script, whilst present on the ICO website, was not being hosted by the ICO, it was included by a third-party library they loaded” he explained.

“If you want to load a crypto miner on 1,000 websites you don’t attack 1,000 websites, you attack the one website that they all load content from. In this case it turned out that Texthelp, an assistive technology provider, had been compromised and one of their hosted script files changed.”

It turned out that attackers had compromised a JavaScript file which was part of the Texthelp Browsealoud product, adding malicious code which effectively installed the CoinHive miner.

Some of the sites affected by CoinHive included United States Courts, the General Medical Council, the UK’s Student Loans Company, NHS Inform and many others.

Helme argued that mitigating the attack only requires a small code change to how the Browsealoud script is loaded.

MORE: https://www.infosecurity-magazine.com/news/cryptomining-malware-found-on-4000/

How to Mitigate the Threat Cryptocurrency Mining Poses to Enterprise Security

By: sikur

by Swati Khandelwal

February 05, 2018

The growing popularity of Bitcoin and other cryptocurrencies is generating curiosity—and concern—among security specialists. Crypto mining software has been found on user machines, often installed by botnets. Organizations need to understand the risks posed by this software and what actions, if any, should be taken.

To better advise our readers, we reached out to the security researchers at Cato Networks. Cato provides a cloud-based SD-WAN that includes FireWall as a Service (FWaaS). Its research team, Cato Research Labs, maintains the company’s Cloud IPS, and today released a list of crypto mining pool addresses that you can use as a blacklist in your firewall. (To download the list, visit this page.)

Cato Research Labs determined crypto mining represents a moderate threat to the organization. Immediate disruption of the organization infrastructure or loss of sensitive data is not likely to be a direct outcome of crypto mining.

However, there are significant risks of increased facility cost that must be addressed.
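A published list of mining pool addresses is only useful once it is matched against what internal hosts actually resolve or connect to. The Node.js example below is added here to show that matching over constructed DNS query records; it is not Cato's list or tooling, and every hostname in it is a placeholder under the reserved `.invalid` top-level domain rather than a real pool. It also covers the edge case a naive suffix match gets wrong: `notpool.example-miner.invalid` must not match an entry for `pool.example-miner.invalid`.

```javascript
// Added example (not Cato's list or tooling): matching outbound DNS records
// against a blocklist of mining-pool hostnames, the way a firewall or DNS log
// review would use such a published list. Every hostname and log line here is
// a constructed placeholder under the reserved .invalid TLD, not a real pool.

// Blocklist entries are bare hostnames; a match covers the name and its subdomains.
const POOL_BLOCKLIST = [
  "pool.example-miner.invalid",
  "xmr.example-pool.invalid",
];

// Normalise a DNS name: lower-case, strip a trailing dot.
function normaliseHost(host) {
  return host.toLowerCase().replace(/\.$/, "");
}

// True when host equals a blocklisted name or is one of its subdomains.
// The dot-boundary check stops "notpool.example-miner.invalid" from matching
// "pool.example-miner.invalid" by suffix alone.
function hostOnBlocklist(host, blocklist = POOL_BLOCKLIST) {
  const h = normaliseHost(host);
  return blocklist.some((entry) => {
    const e = normaliseHost(entry);
    return h === e || h.endsWith("." + e);
  });
}

// Constructed log format: "<timestamp> <client ip> query <name>".
const LINE_RE = /^(\S+)\s+(\S+)\s+query\s+(\S+)$/;

function parseLine(line) {
  const m = LINE_RE.exec(line.trim());
  return m ? { ts: m[1], client: m[2], host: m[3] } : null;
}

// Return every record whose queried name is on the blocklist; unparseable
// lines are skipped rather than allowed to abort the scan.
function scanLogs(lines, blocklist = POOL_BLOCKLIST) {
  const hits = [];
  for (const line of lines) {
    const rec = parseLine(line);
    if (rec && hostOnBlocklist(rec.host, blocklist)) hits.push(rec);
  }
  return hits;
}

// Count hits per internal client so the noisiest hosts can be triaged first.
function hitsByClient(hits) {
  const counts = {};
  for (const h of hits) counts[h.client] = (counts[h.client] || 0) + 1;
  return counts;
}

// Constructed sample: one benign query, two pool lookups, one near-miss, one junk line.
const SAMPLE_DNS_LOG = [
  "2018-02-05T09:58:11Z 10.0.0.12 query www.example.com",
  "2018-02-05T09:58:40Z 10.0.0.12 query POOL.example-miner.invalid.",
  "2018-02-05T09:59:02Z 10.0.0.31 query eu.xmr.example-pool.invalid",
  "2018-02-05T09:59:30Z 10.0.0.31 query notpool.example-miner.invalid",
  "this line is not a query record",
];

const HITS = scanLogs(SAMPLE_DNS_LOG);
console.log(HITS);              // the two pool lookups
console.log(hitsByClient(HITS)); // one hit each for 10.0.0.12 and 10.0.0.31
```

A hit on a pool name is evidence that a host is running a miner, not proof; the next step is to confirm on the endpoint (the process making the connection and how it was installed) before treating the list as a reason to block.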

Understanding Blockchain and Crypto Mining

Crypto mining is the process of validating cryptocurrency transactions and adding encrypted blocks to the blockchain. Miners solve a hash to establish a valid block, receiving a reward for their efforts. The more blocks mined, the more difficult and resource-intensive solving the hash for a new block becomes.

MORE: https://thehackernews.com/2018/02/cryptocurrency-mining-threat.html

Cryptocurrency Mining Malware Infected Over Half-Million PCs Using NSA Exploit

By: sikur

by Swati Khandelwal

January 31, 2018

2017 was the year of high profile data breaches and ransomware attacks, but from the beginning of this year, we are noticing a faster-paced shift in the cyber threat landscape, as cryptocurrency-related malware is becoming a popular and profitable choice of cyber criminals.

Several cybersecurity firms are reporting new cryptocurrency mining viruses that are being spread using EternalBlue—the same NSA exploit that was leaked by the hacking group Shadow Brokers and was responsible for the devastating widespread ransomware threat WannaCry.

Researchers from Proofpoint discovered a massive global botnet dubbed “Smominru,” a.k.a. Ismo, that uses the EternalBlue SMB exploit (CVE-2017-0144) to infect Windows computers and secretly mine Monero cryptocurrency, worth millions of dollars, for its master.

Active since at least May 2017, the Smominru botnet has already infected more than 526,000 Windows computers, most of which are believed to be servers running unpatched versions of Windows, according to the researchers.

More: https://thehackernews.com/2018/01/cryptocurrency-mining-malware.html?m=1

Monero Crypto-Mining Invades BlackBerry Mobile Site

By: sikur

By Tara Seals

Users are reporting that the BlackBerry Mobile site is infected with the Coinhive cryptocurrency miner, which uses unsuspecting visitors’ CPU processing power to mine for the Monero virtual currency.

A Reddit user discovered the code on the site and posted about it—noting that only the global www.blackberrymobile.com site, owned by TCL Communication Technology Holding, is affected. Redirect sites for specific countries and those properties owned directly by BlackBerry Ltd are not infected.

TCL has not publicly commented on the situation, but Coinhive weighed in on the Reddit thread saying that the site appears to have been surreptitiously infected—making it the latest to be targeted by Monero-focused cybercriminals. The miner has also been planted, potentially maliciously, on premium websites such as Showtime and in the LiveHelpNow widget, among others, and a recently discovered campaign inserts miners into digital ads.

“We’re sorry to hear that our service has been misused,” the company said. “This specific user seems to have exploited a security issue in the Magento webshop software (and possibly others) and hacked a number of different sites. We have terminated the account in question for violating our terms of service now.”

Coinhive, launched in September, offers website owners an alternative to advertising for monetization: Website owners can sign up to the service and embed scripts into their web pages to make page visitors mine for Monero, thus indirectly paying for content. The activity is pooled, making for potentially massive combined mining power, gleaned from masses of users with average hardware visiting a website.

As a result, there has been a rising tide of web-based mining. Symantec recently said that there has been a 34% increase in the number of mobile apps alone incorporating cryptocurrency mining code.

However, the service is not without controversy. In addition to cybercriminal exploitation, the ethics of the business model are murky at best, unless a website discloses to visitors that mining is in effect and/or allows a surfer to opt out. The Pirate Bay, for instance, has caught criticism for nontransparent use on its site.

MORE: https://www.infosecurity-magazine.com/news/monero-cryptomining-invades/
