Tag: cryptocurrency mining

10 Attack Reports | 0 Vulnerabilities

Attack reports

Blitz Malware: A Tale of Game Cheats and Code Repositories

Blitz is a new Windows-based malware discovered in 2024 consisting of a downloader and bot payload. The latest version was spread through backdoored game cheats for Standoff 2 distributed via Telegram. Blitz abuses Hugging Face Spaces to host components of its C2 infrastructure and payloads. The ma…
xmrig
ddos
information stealing
telegram
cryptocurrency mining
hugging face
blitz
2025-06-06
game cheats
Published: June 6, 2025
Downloadable IOCs: 80

Analysis of T-Rex CoinMiner Attacks Targeting Internet Cafés in Korea

A series of attacks targeting Korean Internet cafés have been identified, focusing on systems with specific management software installed. The threat actor, active since 2022, uses Gh0st RAT for system control and ultimately installs T-Rex CoinMiner for cryptocurrency mining. The initial access met…
gh0st rat
cryptocurrency mining
2025-06-04
phoenixminer
gpu mining
t-rex coinminer
Published: June 4, 2025
Downloadable IOCs: 9

Dero miner spreads inside containerized Linux environments

A new Dero mining campaign is infecting containerized Linux environments through exposed Docker APIs. The attack uses two Golang malware components: 'nginx' for propagation and 'cloud' for mining. The 'nginx' malware scans for vulnerable Docker hosts, creates malicious containers, and compromises e…
linux
persistence
cloud
docker
cryptocurrency mining
container security
nginx
2025-05-21
dero
golang malware
port scanning
Published: May 21, 2025
Downloadable IOCs: 3

Dero miner zombies biting through Docker APIs to build a cryptojacking horde

A new Dero mining campaign exploits insecurely published Docker APIs to spread through containerized Linux environments. The attack uses two Golang malware implants: 'nginx' for propagation and 'cloud' for cryptocurrency mining. The 'nginx' malware scans for vulnerable Docker APIs, creates maliciou…
linux
cloud
exploitation
docker
cryptocurrency mining
nginx
2025-05-21
dero
containerized environments
golang malware
Published: May 21, 2025
Downloadable IOCs: 3

Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective

OUTLAW is a persistent Linux malware that uses basic techniques like SSH brute-forcing, SSH key manipulation, and cron-based persistence to maintain a long-lasting botnet. Despite its lack of sophistication, it remains active by leveraging simple but impactful tactics. The malware deploys modified …
linux
xmrig
worm
persistence
botnet
irc
ssh
cryptocurrency mining
brute-force
2025-04-03
outlaw
stealth shellbot
blitz
Published: April 3, 2025
Downloadable IOCs: 87

SilentCryptoMiner distributed as a bypass tool

A mass malware campaign is infecting users with a cryptocurrency miner disguised as a tool for bypassing internet restrictions. The campaign has affected over 2,000 victims in Russia, utilizing YouTube channels to spread malicious links. Attackers are blackmailing content creators to post videos wi…
xworm
xmrig
njrat
dcrat
stealth techniques
cryptocurrency mining
silentcryptominer
2025-03-05
phemedrone
blackmail
restriction bypass
python loader
Published: March 5, 2025
Downloadable IOCs: 0

Demystifying PKT and Monero Cryptocurrency deployed on MSSQL servers

This analysis examines a recent cryptocurrency mining operation targeting MSSQL servers, focusing on PKT Classic and Monero cryptocurrencies. The attack exploits vulnerabilities to deploy mining tools, including PacketCrypt for PKT and XMRIG for Monero. The process involves using Windows utilities …
obfuscation
xmrig
exploitation
cryptocurrency mining
monero
packetcrypt
2025-02-20
pkt classic
mssql servers
Published: February 20, 2025
Downloadable IOCs: 0

RunningRAT’s Next Move: From Remote Access to Crypto Mining for Profit

RunningRAT, a remote access trojan initially observed in 2018 targeting the Pyeongchang Winter Olympics, has evolved its capabilities to include cryptocurrency mining. This shift indicates an expansion of the malware's operational focus. The analysis reveals the discovery of RunningRAT samples in o…
xmrig
cryptocurrency mining
remote access trojan
2024-11-06
runningrat
Published: November 6, 2024
Downloadable IOCs: 11

Unmasking Prometei: A Deep Dive Into MXDR Findings

This analysis examines the Prometei botnet's infiltration of a customer's system through a targeted brute force attack. Leveraging Trend Vision One, the investigation traced the botnet's detailed installation routine and stealthy tactics. Prometei, a modular malware family used for cryptocurrency m…
botnet
credential theft
lateral movement
dga
web shell
tor
cryptocurrency mining
2024-10-23
prometei
CVE-2021-27065
CVE-2021-26858
CVE-2019-0708
Published: October 23, 2024
Downloadable IOCs: 0

Supershell Malware Being Distributed to Linux SSH Servers

A Chinese-developed Go-based backdoor called Supershell is targeting poorly managed Linux SSH servers. The malware, which supports multiple platforms, primarily functions as a reverse shell for remote system control. Attackers use dictionary attacks from various IP addresses to gain access, then in…
xmrig
ssh
2024-09-20
cryptocurrency mining
supershell
Published: September 20, 2024
Downloadable IOCs: 5
Click here to see more Attack Reports