cryptojacking Archives - Security Affairs

Pierluigi Paganini June 19, 2024

Cryptojacking campaign targets exposed Docker APIs

A malware campaign targets publicly exposed Docker API endpoints to deliver cryptocurrency miners and other payloads. Researchers at Datadog uncovered a new cryptojacking campaign linked to the attackers behind Spinning YARN campaign. The threat actors target publicly exposed and unsecured Docker API endpoints for initial access. The attack begins with the threat actor scanning the internet […]

Pierluigi Paganini March 30, 2021

30 Docker images downloaded 20M times in cryptojacking attacks

Experts discovered that 30 malicious Docker images with a total number of 20 million pulls were involved in cryptomining operations. Palo Alto Network researcher Aviv Sasson discovered 30 malicious Docker images, which were downloaded 20 million times, that were involved in cryptojacking operations. The expert determined the number of cryptocurrencies that were mined to a mining […]

Pierluigi Paganini January 09, 2020

Interpol: Goldfish Alpha operation reduces cryptojacking by 78%

An operation coordinated by Interpol, dubbed Goldfish Alpha, dismantled an illegal cryptocurrency network operating in Southeast Asia Interpol announced that it has coordinated a successful international operation aimed at removing cryptocurrency miners that infected routers located in Southeast Asia. The operation sees the contribution of Trend Micro, law enforcement and CERTs from ASEAN countries, including […]

Pierluigi Paganini June 15, 2019

Crooks exploit exposed Docker APIs to build AESDDoS botnet

Cybercriminals are attempting to exploit an API misconfiguration in Docker containers to infiltrate them and run the Linux bot AESDDoS. Hackers are attempting to exploit an API misconfiguration in the open-source version of the popular DevOps tool Docker Engine-Community to infiltrate containers and run the Linux bot AESDDoS (Backdoor.Linux.DOFLOO.AA). Threat actors are actively scanning the Internet for exposed […]

Pierluigi Paganini June 11, 2019

CVE-2019-2725 Oracle WebLogic flaw exploited in cryptojacking campaign

The CVE-2019-2725 vulnerability in Oracle WebLogic recently, addressed by the company, is being exploited in cryptojacking attacks, Trend Micro reports. Experts at Trend Micro reported that the recently patched CVE-2019-2725 vulnerability in Oracle WebLogic is being exploited in cryptojacking attacks. The flaw is a deserialization remote command execution zero-day vulnerability that affects the Oracle WebLogic wls9_async and wls–wsat components. The […]

Pierluigi Paganini June 01, 2019

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

A new cryptojacking campaign was spotted by experts at Trend Micro, crooks are using Shodan to scan for Docker hosts with exposed APIs. Threat actors are using the popular Shodan search engine to find Docker hosts and abuse them in a crypojacking campaign. Attackers leverage self-propagating Docker images infected with Monero miners and scripts that […]

Pierluigi Paganini March 13, 2019

Modular Cryptojacking malware uses worm abilities to spread

Security experts at 360 Total Security have discovered a new modular cryptocurrency malware that implements worm capabilities to spread. Security experts at 360 Total Security have discovered a new modular cryptocurrency malware that implements worm capabilities by leveraging known vulnerabilities in servers running ElasticSearch, Hadoop, Redis, Spring, Weblogic, ThinkPHP, and SqlServer. The Monero cryptocurrency miner […]

Pierluigi Paganini March 05, 2019

Hundreds of Docker Hosts compromised in cryptojacking campaigns

Poorly protected Docker hosts exposed online continue to be a privileged target of crooks that abuse their computational resources in cryptojacking campaigns. Security experts have recently discovered hundreds of exposed Docker hosts that have been compromised by hackers exploiting the CVE-2019-5736 runc vulnerability in February. The flaw was discovered by the security researchers Adam Iwaniuk […]

Pierluigi Paganini October 29, 2018

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Cybercriminals continue to abuse unprotected Docker APIs to create new containers used for cryptojacking, Trend Micro warns. Crooks continue to abuse unprotected Docker APIs to create new containers used for cryptojacking. Earlier this year Sysdig and Aqua Security researchers started observing cyber attacks targeting Kubernets and Docker instances aimed at mining Monero cryptocurrency. A container is […]

Pierluigi Paganini August 11, 2018

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Group-IB is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations. Group-IB, an international company specializing in the prevention of cyberattacks, is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations. According to Group-IB’s Threat Intelligence, over a year, the number of shadow-forum ads […]

cryptojacking

Cryptojacking campaign targets exposed Docker APIs

30 Docker images downloaded 20M times in cryptojacking attacks

Interpol: Goldfish Alpha operation reduces cryptojacking by 78%

Crooks exploit exposed Docker APIs to build AESDDoS botnet

CVE-2019-2725 Oracle WebLogic flaw exploited in cryptojacking campaign

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Modular Cryptojacking malware uses worm abilities to spread

Hundreds of Docker Hosts compromised in cryptojacking campaigns

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Coyote malware is first-ever malware abusing Windows UI Automation

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

Stealth backdoor found in WordPress mu-Plugins folder

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

QUICK LINKS

cryptojacking

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!