A Japanese court has demanded a man who infected website visitors with cryptocurrency mining malware face justice — after acquitting him. As local daily news outlet The Mainichi reported on Feb. 7, the Tokyo High Court overturned a previous ruling which cleared the man, who was not named, of any wrongdoing.
Visitors “not informed” of malware
According to the original indictment, the 32-year-old web designer installed the Coinhive miner on his own website in October 2017. It was active for a month, using visitors’ devices to mine cryptocurrency for his own benefit — a practice known as “cryptojacking.” The man …
Hackers compromised five United States law firms and demanded two 100 Bitcoin (BTC) (over $933,000 at press time) ransoms from each firm: one to restore access to the data, one to delete their copy instead of selling it. According to data shared with Cointelegraph by cybersecurity firm Emsisoft, the hacker group — called Maze — already started publishing part of the data stolen from the aforementioned firms. Two of the five law firms were hacked within the 24 hours leading to Feb. 1. The hackers published the data on two websites that were shared with the author of this article, …
Interpol has collaborated with cybersecurity firm Trend Micro to reduce cryptojacking affecting MikroTik routers across South-East Asia, according to a Jan. 8 press release. Though the collaboration reduced the number of affected devices by 78 percent, this is unlikely to have made a significant impact on mining hashrate. Cryptojacking is a malicious practice where attackers infect common devices with crypto mining malware, utilizing the victim’s resources to mine cryptocurrency. Cybersecurity firm Trend Micro collaborated with Interpol’s Global Complex for Innovation, based in Singapore, to sanitize MikroTik routers infected with mining malware. As part of the “Operation Goldfish Alpha,” Trend Micro …
An Ethereum (ETH) wallet known as “Shitcoin Wallet” is reportedly injecting malicious JavaScript code from open browser windows to steal data from its users. On Dec. 30, cybersecurity and anti-phishing expert Harry Denley warned about the potential breach in a tweet. According to Denley’s tweet, Chrome browser crypto wallet software Shitcoin Wallet is targeting Binance, MyEtherWallet and other well-known websites containing users’ passwords and private keys to cryptocurrency. The Shitcoin Wallet Chrome extension – ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn – works by downloading a number of JavaScript files from a remote server. The code then searches for open browser windows …
Researchers have published a new report on what they deem to be a “relentless” crypto mining botnet that lurks behind seemingly innocuous content such as JPEG images of Taylor Swift. The botnet — best known as MyKings (alternatively as DarkCloud or Smominru) — has been active since 2016, according to a Dec. 18 news release from Gabor Szappanos at SophosLabs. While all “underpatched, low-hanging fruit” on the internet — to use Sophos’ phrasing — has long been vulnerable to its attacks, recently the actors behind MyKings have allegedly added bootkit functionality, which makes it all the more resistant to detection …
Security researchers have discovered a new cryptocurrency-related macOS malware believed to be the product of North Korean hackers at the Lazarus Group. As tech-focused publication Bleeping Computer reported on Dec. 4, malware researcher Dinesh Devadoss encountered malicious software on a website called “unioncrypto.vip” that advertised a “smart cryptocurrency arbitrage trading platform.” The website did not cite any download links, but hosted a malware package under the name “UnionCryptoTrader.”
Linkage to North Korean hackers
According to the researchers, the malware can retrieve a payload from a remote location and run it in memory, which is not common for macOS, but …
Promon security researchers have uncovered a vulnerability that could allow cybercriminals to access private data on any Android phone.
500 most popular apps are at risk
On Dec. 2, the Norwegian app security firm Promon revealed the discovery of a dangerous Android vulnerability called StrandHogg, which has reportedly affected all versions of Android and has put the top 500 most popular apps at risk. Promon CTO Tom Lysemose Hansen commented: “We have tangible proof that attackers are exploiting StrandHogg in order to steal confidential information. The potential impact of this could be unprecedented in terms of scale and the amount …
A group of hackers launched a new cryptojacking campaign on Nov. 24, scanning as many as 59,000 IP networks to find Docker platforms that have API endpoints exposed online, business technology publication ZDNet reported on Nov. 26. According to the report, the campaign is targeting vulnerable Docker instances in order to deploy crypto-malware to generate funds for the hacking group by mining Monero (XMR). The mass scanning issue was first discovered by American internet security firm Bad Packets LLC on Nov. 25. Troy Mursch, chief research officer and co-founder of Bad Packets LLC, said that exploit activity targeting exposed Docker …
Slovakian software security firm Eset has uncovered that cyber criminals behind the Stantinko botnet have been distributing a Monero (XMR) cryptocurrency mining module via YouTube. On Nov. 26, the major antivirus software supplier Eset reported that the Stantinko botnet operators have expanded their criminal reach from click fraud, ad injection, social network fraud and password stealing attacks, into installing crypto malware on victims' devices using YouTube.
Stantinko botnet has been active since at least 2012
The Stantinko botnet, which has been active since at least 2012 and predominantly targets users in Russia, Ukraine, Belarus and Kazakhstan, reportedly uses YouTube channels …
The Microsoft Defender ATP research team shares insights on a new cryptocurrency-stealing malware variant that has infected close to 80,000 computers. On Nov. 26, Microsoft security analysts revealed that the malware, called Dexphot, had already infected close to 80,000 devices since October 2018, reaching its peak in the month of June of this year. The malicious code reportedly hijacks legitimate system processes to disguise its nefarious activity, with the ultimate goal of running a cryptocurrency miner on the infected device. When infected users attempt to remove the malware, monitoring services and scheduled tasks will trigger re-infection. The report reads: “Dexphot …
The software available for download on Monero’s (XMR) official website was compromised to steal cryptocurrency, according to a Nov. 19 Reddit post published by the coin’s core development team. The command-line interface (CLI) tools available at getmonero.org may have been compromised over the last 24 hours. In the announcement, the team notes that the hash of the binaries available for download did not match the expected hashes.
The software was malicious
On GitHub, a professional investigator going by the name of Serhack said that the software distributed after the server was compromised is indeed malicious, stating: “I can confirm that …
Members of the Zcash (ZEC) community have discovered a suspicious and potentially malicious counterfeit version of Zcash Foundation’s native ZecWallet. According to a Twitter post published on Oct. 20 and retweeted by Zcash developer Electric Coin Company, the fake ZecWallet likely contains malware. The tweet reads: “PSA to all Zcash users! There is a fake version of ZecWallet that likely contains malware (size and checksum is different) double check you are downloading from official @zecwallet repo on GitHub: https://github.com/ZcashFoundation/zecwallet” As Cointelegraph reported on Sept. 29, a bug was found in all Zcash implementations and most of its forks that could …