Attacker Abuses Victim Resources to Reap Rewards from Titan Network

October 30, 2024 at 03:44AM Trend Micro researchers identified an attacker exploiting the CVE-2023-22527 vulnerability in Atlassian Confluence to execute remote code for cryptomining via the Titan Network. The attacker performed reconnaissance, installed Titan binaries on compromised machines, and connected them to the Cassini Testnet, aiming for financial gain through delegated proof of stake rewards. … Read more

Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks

October 22, 2024 at 10:30AM Trend Micro reports attacks on Docker remote API servers, deploying SRBMiner to mine XRP cryptocurrency. Attackers use the gRPC protocol over h2c to bypass security measures. They probe for public Docker APIs, upgrade connections, and execute malicious commands. Users are advised to enhance security measures to prevent unauthorized access. **Meeting … Read more

Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach

October 22, 2024 at 05:46AM Trend Micro researchers report a cyberattack targeting Docker remote API servers to deploy the SRBMiner cryptominer for mining XRP cryptocurrency. The attacker exploited the gRPC protocol over h2c to bypass security measures, checked Docker API availability, and deployed the miner, emphasizing the need for improved security configurations in Docker environments. … Read more

Near-‘perfctl’ Fileless Malware Targets Millions of Linux Servers

October 3, 2024 at 11:01AM A potent and elusive Linux malware, “perfctl,” has been wreaking havoc worldwide for years, targeting millions of servers and compromising thousands. It utilizes a plethora of exploits to gain initial access, and its ambitions expand beyond cryptomining and proxyjacking. Recommendations for mitigating this threat include patching vulnerabilities, restricting file execution, … Read more

Linux malware “perfctl” behind years-long cryptomining campaign

October 3, 2024 at 10:39AM Summary: The Linux malware “perfctl” has evaded detection for at least three years, targeting servers for cryptomining purposes. It exploits misconfigurations and known vulnerabilities to gain initial access, deploys rootkits for evasion, and communicates with threat actors over TOR. Aqua Nautilus offers detection and mitigation strategies to combat perfctl’s activities. … Read more

Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking

September 12, 2024 at 09:36AM Bad actors target Internet-exposed Selenium Grid instances for illicit cryptocurrency mining and proxyjacking. The lack of authentication makes these instances vulnerable. Threat actors exploit this to carry out malicious actions, including deploying crypto miners and proxyware solutions EarnFM and IPRoyal Pawn. Organizations are urged to configure authentication to prevent abuse. … Read more

Hackers Proxyjack & Cryptomine Selenium Grid Servers

September 12, 2024 at 06:09AM Threat actors are targeting Internet-exposed Selenium Grid servers for cryptomining, proxyjacking, and potentially more malicious activities. With thousands of exposed servers, hackers have been deploying automated malware to hijack them. Furthermore, the lack of authentication and outdated versions of Selenium Grid servers pose a significant security risk. Improperly secured servers … Read more

Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware

August 22, 2024 at 11:51AM Log4j zero-day exploits continue to be a threat despite being discovered two years ago. Cybercriminals are still targeting unpatched corporate systems, deploying malware scripts and crypto-currency miners. Nation-state actors have incorporated Log4j exploits into their toolkits, and eradicating the issue is challenging due to software dependencies. Datadog Security Labs recently … Read more

‘Crystalray’ Attacks Jump 10X, Using Only OSS to Steal Credentials

July 11, 2024 at 10:04AM A threat actor known as “Crystalray” has been utilizing open source software (OSS) to expand its operations in credential stealing and cryptomining. Researchers observed Crystalray utilizing a range of OSS tools to carry out various stages of its attack chain. Despite its efficiency, the use of OSS opens the attacker … Read more

Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks

July 9, 2024 at 08:13AM Researchers found that misconfigured Jenkins Script Console instances can be exploited for criminal activities, like cryptocurrency mining. Attackers can gain remote code execution and misuse sensitive data. The console lacks administrative controls and can be accessed over the internet due to misconfigurations. Safeguards include proper configuration, robust authentication, and restriction … Read more