Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators’ army of Monero (XMR) cryptocurrency mining bots. This modular malware can infect both Windows and Linux systems, and it was first spotted last year while using the EternalBlue exploit to spread across compromised networks and enslave vulnerable Windows computers.
Posts Tagged: cryptocurrency
North Korean hackers tracked as the Lazarus Group have been observed using LinkedIn lures in an ongoing spear-phishing campaign targeting the cryptocurrency vertical in the United States, the United Kingdom, Germany, Singapore, the Netherlands, Japan, and other countries. This is not the first time the Lazarus hackers (also tracked as HIDDEN COBRA by the United States Intelligence Community…
Someone hacked the official website of the Monero cryptocurrency project and quietly replaced legitimate Linux and Windows binaries available for download with malicious versions designed to steal funds from users’ wallets. The latest supply-chain cyberattack was revealed on Monday after a Monero user spotted that the cryptographic hash for binaries he downloaded from the official site didn’t match…
Researchers monitoring malware that affects Android devices discovered malicious apps that can steal one-time passwords (OTP) from the notification system. This development bypasses Google’s ban on apps that access SMS and call logs without justification. Google enforced the restriction earlier this year specifically to lower the risk of sensitive permissions where they are not necessary. In theory,…
The Pacha Group is a threat actor discovered by Intezer and profiled in a blog post published on February 28, 2019. Dating back to September 2018, the Pacha Group has deployed undetected crypto-mining malware to infiltrate Linux servers and mine cryptocurrency without user permissions. One of the more notable observations discerned by Intezer researchers was the…