New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet

October 1, 2024 at 01:27AM Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API, enabling attackers to co-opt instances into a malicious Docker Swarm. The attackers use the exposed API for initial access, spawn a cryptocurrency miner, and orchestrate lateral movement to related hosts. The campaign also demonstrates the use of evolving malware and …

Examining Water Sigbin’s Infection Routine Leading to an XMRig Cryptominer

June 28, 2024 at 01:26AM Water Sigbin uses reflective DLL loading and process injection to deploy the PureCrypter loader and the XMRig cryptominer after exploiting vulnerabilities in Oracle WebLogic servers. Fileless execution via PowerShell scripts evades disk-based detection, while .NET Reactor protection obfuscates the code. The threat actor employs multiple advanced tactics, emphasizing the need …

New Malware Targets Exposed Docker APIs for Cryptocurrency Mining

June 18, 2024 at 06:19AM Cybersecurity researchers have discovered a new malware campaign targeting exposed Docker API endpoints, deploying cryptocurrency miners and retrieving further malicious payloads via a remote access tool. The attack chain involves reconnaissance, privilege escalation, and exploitation of the Docker servers. The campaign is linked to earlier activity dubbed Spinning YARN and features …

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

April 24, 2024 at 03:51AM A new malware campaign, called GuptiMiner, is abusing the eScan antivirus software's update mechanism to distribute backdoors and cryptocurrency miners, targeting large corporate networks. The campaign has been linked to the North Korean hacking group Kimsuky. The malware uses sophisticated techniques and evaded detection for at least five years. The …

‘Commando Cat’ Is Second Campaign of the Year Targeting Docker

February 1, 2024 at 05:30PM Cado researchers discovered "Commando Cat," a malware campaign targeting exposed Docker API endpoints. This cryptojacking campaign, the second this year to target Docker, uses the API to mount the host's filesystem into a container and run various payloads. There are indications of overlap with other threat groups, suggesting a possible connection. The campaign is …
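The three Docker items above (the Swarm botnet campaign, the Spinning YARN follow-up, and Commando Cat) share one precondition: a Docker Engine API reachable without authentication, which the attacker then uses to start a container that bind-mounts the host filesystem or runs privileged. The following audit script is an added example written for this page, not code from Cado or any of the cited researchers. It checks two things a defender can verify locally: whether `daemon.json` binds the API to a TCP socket without `tlsverify`, and whether any container's `HostConfig` (as returned by `GET /containers/{id}/json`) is privileged, shares the host PID namespace, or bind-mounts a sensitive host path. The daemon config and container records are constructed samples; the sensitive-path list is an assumption you should tune to your environment.

```python
"""Audit a Docker host for the exposure patterns abused by the Docker cryptojacking campaigns above.

All sample data below is constructed for illustration, not captured from a real incident.
"""
import json

# Constructed excerpt of /etc/docker/daemon.json: the daemon listens on the
# unauthenticated TCP port 2375 in addition to the local Unix socket.
SAMPLE_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

# Constructed excerpts of Engine API responses from GET /containers/{id}/json.
# "/sus-alpine" mirrors the Commando Cat pattern: privileged, host PID, "/" bind-mounted.
SAMPLE_CONTAINERS = [
    {"Id": "aaa111", "Name": "/web",
     "HostConfig": {"Privileged": False, "Binds": ["web-data:/srv"], "PidMode": ""}},
    {"Id": "bbb222", "Name": "/sus-alpine",
     "HostConfig": {"Privileged": True, "Binds": ["/:/mnt"], "PidMode": "host"}},
    {"Id": "ccc333", "Name": "/agent",
     "HostConfig": {"Privileged": False,
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"], "PidMode": ""}},
]

# Host paths whose exposure into a container amounts to host compromise (assumed list).
SENSITIVE_HOST_PATHS = ("/", "/var/run/docker.sock", "/etc", "/root", "/proc", "/sys")


def daemon_findings(daemon_json: str) -> list:
    """Flag TCP listeners in daemon.json that are not protected by TLS client auth."""
    cfg = json.loads(daemon_json)
    findings = []
    for host in cfg.get("hosts", []):
        if host.startswith("tcp://") and not cfg.get("tlsverify"):
            findings.append(f"daemon listens on {host} without tlsverify")
    return findings


def _is_sensitive_bind(src: str) -> bool:
    """True if a bind source is the host root or sits under a sensitive host path."""
    if not src.startswith("/"):          # named volume, not a host path
        return False
    if src == "/":
        return True
    return any(src == p or src.startswith(p + "/")
               for p in SENSITIVE_HOST_PATHS if p != "/")


def container_findings(containers: list) -> dict:
    """Map container name -> reasons it looks like a host-escape container."""
    results = {}
    for c in containers:
        hc = c.get("HostConfig", {})
        reasons = []
        if hc.get("Privileged"):
            reasons.append("privileged")
        if hc.get("PidMode") == "host":
            reasons.append("host pid namespace")
        for bind in hc.get("Binds") or []:
            src = bind.split(":", 1)[0]
            if _is_sensitive_bind(src):
                reasons.append(f"host bind mount {bind}")
        if reasons:
            results[c["Name"]] = reasons
    return results


if __name__ == "__main__":
    for f in daemon_findings(SAMPLE_DAEMON_JSON):
        print("DAEMON:", f)
    for name, reasons in container_findings(SAMPLE_CONTAINERS).items():
        print(f"CONTAINER {name}:", ", ".join(reasons))
```

On a live host, feed `daemon_findings` the contents of `/etc/docker/daemon.json` and `container_findings` the output of `docker inspect $(docker ps -aq)`; the `/var/run/docker.sock` bind is flagged deliberately, because a container holding the socket can create the privileged, root-mounting container itself.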

Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners

January 4, 2024 at 06:24AM Three new malicious packages discovered in the Python Package Index (PyPI) repository can deploy a cryptocurrency miner on affected Linux devices. The packages, modularseven, driftme, and catme, attracted 431 downloads before being removed. They conceal their payload, deploy a CoinMiner executable, and establish persistence on the device while evading detection and security software. …

Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools

October 27, 2023 at 10:43AM Cybersecurity firm Kaspersky has warned about a highly advanced piece of malware named StripedFly that has been infecting over one million devices for the past five years. The threat is designed as a modular framework and can target both Windows and Linux systems. It utilizes a Tor network tunnel for …