Cryptocurrency Mining Archives | Vednam

Lucifer Malware: Windows Vulnerabilities for Cryptomining
https://vednam.com/lucifer-malware-windows-vulnerabilities-for-cryptomining-ddos-attack/
Tue, 30 Jun 2020

In the news: threat actors are using the Lucifer malware, which leverages Windows vulnerabilities, for cryptomining and DDoS attacks.

Cryptomining has grown popular as a way to generate revenue, and various threat actors have been attempting illegitimate mining on their victims' infrastructure, along with several other parallel malicious activities. Recently, a malware was used to target victims for cryptomining as well as DDoS attacks.

Whole Campaigns

Palo Alto Networks' Unit 42 team said that they identified two versions of the Lucifer malware, which took advantage of known vulnerabilities to infiltrate target systems and perform malicious activities on them.

  • The self-propagating hybrid malware variant, dubbed Lucifer, leverages known vulnerabilities to spread and to perform malicious activities on the platform, such as cryptojacking and distributed denial-of-service (DDoS) attacks.
  • The Lucifer malware targets Rejetto HTTP File Server (CVE-2017-6287), Microsoft Windows (CVE-2017-0144, CVE-2017-0145, and CVE-2017-8464), Oracle WebLogic (CVE-2017-10271), Apache Struts (CVE-2017-9791), ThinkPHP RCE (CVE-2018-20062), and the Laravel framework (CVE-2019-9081).
  • The malware brute-forces credentials, drops the XMRig miner to cryptojack Monero, and uses the EternalBlue, EternalRomance, and DoublePulsar backdoor exploits against vulnerable targets for internet infections.

 

Cryptojacking Campaigns

Cryptojacking is on the rise, and hackers frequently use it to compromise computer resources for cryptomining.

  • A Monero cryptocurrency-mining campaign called Blue Mockingbird exploited a deserialization vulnerability (CVE-2019-18935) in unpatched versions of Telerik UI for ASP.NET. It deployed the XMRig Monero-mining payload in dynamic-link library form on Windows systems. (This happened in May 2020.)
  • The VictoryGate botnet used USB drives as its propagation mechanism and deployed auto and XMRig on infected machines for cryptomining.

What We Need 

To stay safe, apply updates and patches for all deployed software, firmware, and operating systems as soon as you can. Users should use browser extensions that block cryptominers across the web, and a trusted ad-blocker to detect and block malicious cryptomining code embedded in online ads.

Cryptocurrency Miners: Affect European Airport Workstation by 50%
https://vednam.com/cryptocurrency-miners-affect-european-airport-workstation-by-50/
Tue, 16 Jun 2020

Cryptocurrency miners infected about 50% of the workstations at a European international airport.

Malware affects the entire system of airports.

Suspected Malware

According to researchers, the malware was discovered while installing endpoint detection and response (EDR). EDR is an advanced behavioral detection and threat hunting platform that helps detect such issues.

When EDR was rolled out at an international airport in Europe, the researchers identified an interesting cryptomining infection: cryptocurrency mining software was installed on more than 50% of the international airport's workstations, as the media reported.

The detected malware was associated with the anti-coinminer campaign reported by Zscaler in 2018. Based on its behavior of running multiple processes over a short time frame, the malware was presumed to be a bitcoin miner.

How the malware got into the workstations is not traceable right now, even though all the workstations at the airport run an industry-standard AV solution, which also did not detect the malicious activity.

The threat actor used reflective DLL loading, a typical evasion tactic that can mask the loading or installing of malware files. The malware that was found had been in use for months before the installation of EDR.

According to the media, "the malware happens to be a cryptocurrency miner, and the impact on the business was relatively minor and limited to performance degradations, which can lead to quality-of-service issues and service interruptions, and an increase in power consumption throughout the airport."

Modified attackers

The malware ran with the highest privileges possible, taking priority over any other application for the use of workstation resources. The threat actors modified the malware's techniques so that it would be more challenging to identify on the infected computer.

Followed

The best way to protect systems is for the company to have AV together with EDR for the prevention and detection of malware, rather than using AV alone.
