cryptocurrency mining Archives

Winsage

November 8, 2024

Windows PCs targeted by new malware hitting a vulnerable driver

Researchers have identified a new threat campaign called SteelFox, which uses counterfeit software activators and cracks to infiltrate Windows systems. The campaign deploys a vulnerable driver, information-stealing malware, and a cryptocurrency miner, compromising sensitive data and exploiting system resources for illicit mining. Victims are reported globally, including regions from Brazil to China, affecting users of commercial software like Foxit PDF Editor, JetBrains, and AutoCAD. Cybercriminals continue to advertise these fake software solutions, increasing the potential for further infections.

Tech Optimizer

November 8, 2024

New malware SteelFox targets Windows users through fake software activators

A new malware named "SteelFox" is targeting Windows users by using counterfeit software activators to infiltrate systems, leading to cryptocurrency mining and data theft. Since February 2023, it has spread rapidly, primarily through torrent sites and online forums, masquerading as legitimate software cracks for programs like AutoCAD and Foxit PDF Editor. Upon installation, it deploys a risky driver called WinRingO.sys, exploiting vulnerabilities CVE-2021-41285 and CVE-2020-14979, which allows attackers to gain full access to the infected computer. The malware uses XMRig for crypto mining, causing performance issues and increased utility bills, while also stealing sensitive data from over 13 web browsers. Countries with high infection rates include Mexico, Brazil, Russia, China, and India. Kaspersky has blocked over 11,000 attempted attacks, but the actual number of infections may be much higher. To protect against SteelFox, users are advised to download software only from verified sources, maintain updated antivirus software, avoid pirated software, and keep systems current with security patches.

Tech Optimizer

October 13, 2024

Securing PostgreSQL from Cryptojacking Campaigns in Kubernetes

Recent findings indicate significant vulnerabilities in PostgreSQL due to misconfigurations that can enable unauthorized shell command execution on the operating system. The COPY SQL command combined with the pg_execute_server_program role facilitates these vulnerabilities, especially when PostgreSQL services are exposed via Kubernetes ingress. PostgreSQL is the third most targeted application among Google customers, with weak passwords being a common vector for initial access in 41% of observed compromises. Misconfigured instances, particularly manual deployments, often lack proper authentication controls, user roles, and permissions. The use of “trust” authentication allows users from any IP to connect without a password, potentially granting superuser privileges. This vulnerability can be exploited by attackers to execute malicious commands, such as downloading cryptocurrency mining software. CrowdStrike's Falcon platform provides protection against threats targeting PostgreSQL by detecting and preventing malicious activities. Best practices for securing PostgreSQL include using strong passwords, securing configuration files, enabling SSL/TLS, auditing user roles, and adopting a Zero Trust approach to access control.

Tech Optimizer

August 26, 2024

Cryptomining Malware Targets PostgreSQL Databases

PG_MEM malware poses a significant security threat to over 800,000 PostgreSQL databases protected by weak passwords, enabling unauthorized cryptocurrency mining. Attackers use brute-force techniques to guess database credentials, establish a superuser role for continued access, and gather system information to download cryptomining software and other malicious payloads. They modify system configuration files, create cron jobs for persistence, and relocate logs to evade detection. Recommendations for organizations include strengthening threat monitoring and authentication protocols, implementing advanced threat detection tools, and isolating databases from broader network access.

Tech Optimizer

August 25, 2024

PG_MEM – A Malware Hide in Postgres Processes to Steal Data

Cybersecurity researchers at Aqua Nautilus have identified a malware strain called PG_MEM that targets PostgreSQL databases. PG_MEM uses brute force techniques to gain access to these databases, disguises itself within legitimate PostgreSQL processes, and facilitates data theft while mining cryptocurrency. The attack involves several stages: 1. **Brute Force Attack**: Attackers attempt multiple login attempts to guess database credentials. 2. **Gaining Persistence**: After gaining access, attackers create a superuser role to maintain control. 3. **System Discovery and Payload Delivery**: Attackers gather system information and deliver malicious payloads, including the PG_Core malware, which is used for cryptocurrency mining. PG_MEM acts as a dropper for the XMRIG cryptocurrency miner and maintains persistence through cron jobs. There are over 800,000 publicly accessible PostgreSQL databases, highlighting vulnerabilities that need addressing. The attack employs techniques from the MITRE ATT&CK framework, emphasizing the need for strong security measures, including robust password policies and regular security audits.

Tech Optimizer

August 24, 2024

Malware Infects Databases With Vulnerable Passwords to Install Crypto Mining Software | Live Bitcoin News

A new strain of malware, PG_MEM, is targeting PostgreSQL-enabled internet-connected devices, capable of infecting around 800,000 databases, primarily in the United States and Poland. It exploits weak passwords to gain unauthorized access, installs files to commandeer database resources for cryptocurrency mining, and evades detection. Attackers use brute-force methods to guess passwords, highlighting vulnerabilities in password management. Many organizations expose their PostgreSQL databases to the internet due to misconfigurations and inadequate identity controls. The first half of 2024 has seen a 400% increase in such cryptojacking attacks, indicating a growing trend in exploiting database vulnerabilities.

Tech Optimizer

August 23, 2024

PostgreSQL Databases the Target of New Malware PG_MEM for Crypto Mining – CIO News

Researchers have identified a new malware strain called PG_MEM that targets PostgreSQL databases for cryptocurrency mining. It uses brute-force techniques to guess weak database credentials, allowing attackers to execute arbitrary shell commands on the host system. The malware exploits improperly configured PostgreSQL databases and utilizes the COPY… FROM PROGRAM SQL command to run malicious payloads, including PG_MEM and PG_CORE, from a remote server. The primary goal is to mine Monero cryptocurrency, but attackers can also steal data and control the compromised server. The attack primarily affects internet-facing PostgreSQL databases with weak passwords due to misconfigurations.

AppWizard

August 23, 2024

Top 11 Free Crypto Mining Apps for Android in 2024

Mobile crypto mining allows users to mine cryptocurrencies directly from their smartphones, offering a more accessible alternative to traditional mining that requires powerful hardware and significant energy consumption. However, the rewards from mobile mining are generally lower. Android is favored for mobile mining due to its open-source nature and the variety of available mining apps. Several free crypto mining apps for Android include: 1. MasHash: A cloud-based mining app that allows users to mine cryptocurrencies like Litecoin, Ethereum, and Bitcoin. It offers eco-friendly operations and daily rewards but lacks physical hardware ownership. 2. ECOS: A cloud mining platform known for its transparency and user-friendly interface, requiring an upfront purchase of mining contracts. 3. Hashshiny: Supports multiple cryptocurrencies and provides real-time monitoring, but requires purchasing cloud mining contracts. 4. Binance: Offers a cloud mining service integrated with its trading platform, primarily focused on Bitcoin. 5. NiceHash: Allows users to sell their computer's processing power for mining, offering flexibility but with volatile earnings. 6. CryptoTab Browser: Combines web browsing with Bitcoin mining, operating in the background to minimize power usage. 7. Pi Network: Allows users to earn Pi coins with minimal processing power, but the coins currently lack trading options. 8. StormGain: Provides a cloud mining service for Bitcoin without using device power, but has limited cryptocurrency options. 9. MinerGate Mobile Miner: Supports various cryptocurrencies and offers a user-friendly interface, but may drain battery life. 10. AA Miner: Supports mining for over fifty cryptocurrencies with a simple interface, but has high battery consumption. 11. Crypto Miner: Offers flexibility with various mining techniques but may require more technical knowledge. To maximize earnings, users can utilize multiple apps, optimize settings, join mining pools, keep apps updated, and monitor performance to prevent overheating. While many mining apps are safe, it's important to choose reputable ones and be cautious of those requiring significant upfront investments.

AppWizard

August 22, 2024

Top 11 Free Crypto Mining Apps for Android in 2024 – Disrupt Africa

Mobile mining is gaining popularity, allowing users to mine cryptocurrencies using Android devices through user-friendly applications. This approach differs from traditional mining, which requires powerful hardware and high energy consumption. While mobile mining is accessible for beginners, the rewards may be lower than conventional methods. Android is favored for crypto mining due to its open-source nature and the availability of numerous mining apps. Some notable free crypto mining apps for Android include: 1. MasHash: A cloud-based mining app founded in 2019, allowing users to mine Litecoin, Ethereum, and Bitcoin. It offers eco-friendly operations and daily rewards but lacks physical hardware ownership. 2. ECOS: A cloud mining platform that eliminates the need for physical equipment, allowing users to mine Bitcoin and other coins through purchased contracts. It requires an upfront purchase of mining contracts. 3. Hashshiny: Users can mine Bitcoin, Ethereum, and Litecoin with a flexible mobile app. It requires purchasing cloud mining contracts and profitability can fluctuate. 4. Binance: Offers a cloud mining service integrated with its trading platform, allowing users to mine Bitcoin and other cryptocurrencies. Requires a Binance account. 5. NiceHash: A marketplace for selling computing power to mine cryptocurrencies. Earnings can be volatile and it has high transaction fees. 6. CryptoTab Browser: A web browser that allows Bitcoin mining while browsing. It may yield lower earnings compared to dedicated mining rigs. 7. Pi Network: Users can earn Pi coins with minimal processing power. However, Pi coins are not tradable yet. 8. StormGain: A cloud mining tool for Bitcoin that does not use device electricity. It has limited cryptocurrency options and is not available in some countries. 9. MinerGate Mobile Miner: Supports multiple cryptocurrencies and has a user-friendly interface but may drain battery life quickly. 10. AA Miner: Supports over 50 cryptocurrencies with a simple interface but has high battery consumption. 11. Crypto Miner: Allows mining of various cryptocurrencies with customizable settings but may require manual configuration. To identify legitimate mining apps, users should check reviews, research developers, be wary of scams, and seek community feedback. The best cloud mining apps for Android are MasHash and StormGain. For effective mining, phones should have a powerful processor, large battery capacity, efficient cooling systems, and ample storage. Brands like Samsung, OnePlus, and Xiaomi are recommended for mobile mining. Tips for maximizing earnings include using multiple apps, optimizing settings, joining mining pools, keeping apps updated, and monitoring performance.

Tech Optimizer

August 22, 2024

New Malware Hidden Within PostgreSQL Process Deploys Cryptocurrency Miners

An attacker executed a brute-force attack on a PostgreSQL database, gaining unauthorized access and exploiting a feature for command execution. They created a superuser role, dropped files, and deployed cryptocurrency miners. The attacker established a new superuser account, stripped the original user of superuser privileges, and gathered intelligence on the system. They executed shell commands and downloaded two malicious payloads: pg_core, a cryptominer, and pg_mem, a dropper for the XMRIG cryptominer. The payloads evaded detection by removing logs and establishing persistence through cron jobs. The attacker modified the pg_hba configuration file to allow unauthorized connections. A search via Shodan found over 800,000 publicly accessible PostgreSQL databases, highlighting security risks. The attack aligned with the T1190 technique, allowing the attacker to bypass security measures. The strategy included executing shell commands, creating a new user account, manipulating roles, and deleting evidence while leveraging elevated privileges for cryptocurrency mining.