cryptomining Archives

Tech Optimizer

March 16, 2026

What Is a Crypto Miner Virus?

A crypto miner virus, or cryptojacking malware, secretly uses a device’s CPU or GPU to mine cryptocurrency for an attacker, leading to increased electricity costs and potential hardware damage for the victim. It typically infects devices through phishing emails, pirated software, compromised websites, and malicious browser extensions. Monero is the preferred cryptocurrency for mining due to its efficiency on standard CPUs and privacy features. Signs of infection include overheating, high CPU usage, and increased electricity bills. Detection involves monitoring system performance and running antivirus scans. Prevention includes using antivirus software, keeping systems updated, and avoiding pirated software. Notable incidents include attacks on a European water utility and the Los Angeles Times website.

Tech Optimizer

March 12, 2026

Bitdefender Just Crushed the Competition Again — And Now It’s 50% Off

Bitdefender consistently ranks among the top choices in independent antivirus evaluations due to its impressive detection rates and minimal impact on system performance. It is currently offering a 50% discount for the first year on its consumer plans, which include Antivirus Plus, Total Security, and Premium Security. Each plan provides varying levels of protection and features, such as malware defense, ransomware blocking, VPN access, and password management. Bitdefender operates quietly in the background, allowing users to work without interruptions, and has been noted for its resource efficiency. Customer feedback highlights users' confidence in the software's stable performance. The current pricing for the discounted plans starts at .99 for Antivirus Plus, .99 for Total Security, and .99 for Premium Security.

Tech Optimizer

March 2, 2026

Is Bitdefender Antivirus Better Than McAfee? What Consumer Reports Data Says

Consumer Reports evaluates antivirus software, assigning ratings out of five across factors such as protection, ease of use, and data privacy, culminating in a score out of 100. Top contenders include Bitdefender, McAfee, Norton, Avira, and Avast. Bitdefender specializes in anti-malware protection and offers a free version, while McAfee is a full security suite with a subscription model. Bitdefender slightly outperforms McAfee in overall ratings, though both scored equally in six categories during lab tests. McAfee includes features like a firewall and password manager, which Bitdefender lacks. Consumer Reports also assessed Bitdefender's paid security suites, which include more features than the free antivirus version and outperform McAfee Total Protection in functionality. Bitdefender's suites include features like spam filters, parental controls, and banking protection, while Consumer Reports rates Bitdefender higher overall.

Tech Optimizer

February 17, 2026

Stay safe online with Bitdefender antivirus

Bitdefender is a cybersecurity company founded in 2001, known for its advanced, AI-powered threat prevention and user-friendly interface. It offers real-time protection, scheduled background scanning, and a straightforward installation process. Bitdefender does not disrupt app or device performance and currently provides a 50% discount on its security software compatible with Windows, Android, macOS, and iOS. The software includes antivirus, malware protection, data breach detection, identity protection, and a VPN with 200MB of traffic per day per device. A single account can secure up to three devices. Bitdefender Total Security protects against various online threats and includes a password manager and firewall, while Bitdefender Premium offers unlimited VPN access and the Scam Copilot AI assistant for enhanced security against scams. Users also have access to resources like user guides, video tutorials, and direct support through the Bitdefender Central mobile app.

Tech Optimizer

September 5, 2025

New Malware Exploits Windows Character Map to Evade Defender and Mine Crypto

Darktrace's autonomous detection system identified suspicious activity when a desktop initiated an unusual HTTP connection using a PowerShell user agent. The attack began with the download of a PowerShell script named “infect.ps1” from the IP address 45.141.87[.]195:8000, which dropped both legitimate and malicious binaries into the user’s AppData directory, including a signed version of AutoIt.exe and various encoded payloads. The attackers exploited Windows’ built-in Character Map (charmap.exe) to inject the miner code into its process space, evading antivirus detection. The loader performed checks for task manager presence, user privileges, and antivirus software, and bypassed User Account Control prompts. Once activated, the cryptominer operated discreetly, connecting to external mining pools like asia.ravenminer.com and monerooceans[.]stream. The malware was designed for persistence, re-downloading itself if terminated. Darktrace monitored the infected device, noting DNS requests and connections to Monero mining endpoints, which triggered high-fidelity alerts. Darktrace's Rapid Autonomous Response blocked the device’s outbound communications, preventing the malware from connecting to the mining pool and stopping over 130 attempted calls to external endpoints. The malware exhibited significant obfuscation, utilized legitimate binaries for side-loading, manipulated registry keys for persistence, and injected processes into trusted Windows applications. The incident underscores the threat posed by adaptive cryptojacking malware, which can drain productivity and inflate energy costs. Darktrace's AI-driven detection intercepted the attack early, mapping the kill chain and enabling rapid mitigation. Indicators of Compromise (IoCs) include: - 45.141.87[.]195:8000/infect.ps1 – Malicious PowerShell script - gulf.moneroocean[.]stream – Monero Endpoint - monerooceans[.]stream – Monero Endpoint - 152.53.121[.]6:10001 – Monero Endpoint - 152.53.121[.]6 – Monero Endpoint - https://api[.]chimera-hosting[.]zip/frfnhis/zdpaGgLMav/nbminer[.]exe – NBMiner executable - Db3534826b4f4dfd9f4a0de78e225ebb – NBMiner loader hash

AppWizard

August 5, 2025

New Android Malware Poses as SBI Card and Axis Bank Apps to Steal Financial Data

McAfee’s Mobile Research Team has identified a malware campaign targeting Android users in India, specifically Hindi speakers. The malware disguises itself as legitimate financial applications from banks like SBI Card, Axis Bank, and IndusInd Bank. It is distributed through phishing websites that mimic official banking portals and uses authentic assets to appear credible. The malware has dual functionality: it exfiltrates personal and financial data and mines Monero cryptocurrency using the XMRig tool, activated remotely via Firebase Cloud Messaging (FCM). It masquerades as a Google Play update, prompting users to install it, which leads to data theft. Upon installation, the malware presents a fake Google Play interface and requests sensitive information, which is sent to a command-and-control server. After data submission, users see a misleading confirmation page. The malware employs a multi-stage dropper to evade detection, with remote activation capabilities that keep it dormant until triggered. Phishing sites promote the malicious APK through SMS, WhatsApp, or social media. McAfee has reported these threats to Google, resulting in the blocking of the associated FCM account. All variants are classified as high-risk, with infections primarily in India but some in other regions. Users are advised to download apps only from Google Play and to be cautious with unsolicited links. Indicators of Compromise (IOCs) include specific APKs for various credit cards and phishing site URLs related to the campaign.

Tech Optimizer

April 17, 2025

Bitdefender Antivirus review

Bitdefender Total Security offers comprehensive antivirus protection, a VPN with a daily limit of 200 MB, and specific protections for cryptocurrency mining. The software includes multi-layered antivirus protection, real-time Advanced Threat Detection, Ransomware Remediation, a firewall, and an anti-spam feature. Performance testing shows minimal impact on speed, with quick scans completing in minutes and full scans taking about 30 minutes. Additional features include a secure browser for financial transactions, a virtual keyboard, a trial password manager, webcam and microphone privacy controls, and PC optimization tools. The user interface is designed for ease of use, with a customizable dashboard and intuitive navigation. Support options include phone, chat, and email, with quick transitions to live agents. Bitdefender typically retails at .99 annually, with competitors offering lower introductory prices.

Tech Optimizer

April 2, 2025

Over 1,500 PostgreSQL Servers Hit by Fileless Malware Attack

A malware campaign has compromised over 1,500 PostgreSQL servers using fileless techniques to deploy cryptomining payloads. The attack, linked to the threat actor group JINX-0126, exploits publicly exposed PostgreSQL instances with weak or default credentials. The attackers utilize advanced evasion tactics, including unique hashes for binaries and fileless execution of the miner payload, making detection difficult. They exploit PostgreSQL’s COPY ... FROM PROGRAM function to execute malicious payloads and perform system discovery commands. The malware includes a binary named “postmaster,” which mimics legitimate processes, and a secondary binary named “cpu_hu” for cryptomining operations. Nearly 90% of cloud environments host PostgreSQL databases, with about one-third being publicly exposed, providing easy entry points for attackers. Each wallet associated with the campaign had around 550 active mining workers, indicating the extensive scale of the attack. Organizations are advised to implement strong security configurations to protect their PostgreSQL instances.

Tech Optimizer

April 2, 2025

Ongoing cryptomining campaign hits over 1.5K PostgreSQL servers

Over 1,500 PostgreSQL instances exposed to the internet have been targeted by a cryptocurrency mining malware campaign called JINX-0126. Attackers exploit weak credentials to access PostgreSQL servers and use the "COPY ... FROM PROGRAM SQL" command for arbitrary command execution. They deploy a shell script to terminate existing cryptominers and deliver the pg_core binary. A Golang binary, disguised as the PostgreSQL multi-user database server, is then downloaded to establish persistence and escalate privileges, leading to the execution of the latest XMRig cryptominer variant. JINX-0126 employs advanced tactics, including unique hashes for binaries and fileless miner payload execution, to evade detection by cloud workload protection platforms.

Tech Optimizer

March 31, 2025

Fileless XMRig-C3 Cryptominer Targets PostgreSQL Servers

Wiz Threat Research has reported a new variant of a malicious campaign targeting misconfigured and publicly exposed PostgreSQL servers, attributed to the threat actor JINX-0126. This actor exploits vulnerable PostgreSQL instances with weak login credentials to gain unauthorized access and deploy XMRig-C3 cryptominers. The campaign has evolved to include advanced evasion techniques, such as using unique hashes for binaries and executing payloads in a fileless manner to avoid detection. The analysis indicates that the threat actor assigns unique mining workers to each victim, with three distinct wallets identified, suggesting over 1,500 affected victims. Nearly 90% of cloud environments host PostgreSQL instances, with about one-third publicly exposed. The threat actor scans for poorly configured services, exploiting default weak credentials to gain access and execute malicious payloads. Upon successful login, the actor performs reconnaissance and executes a dropper script to deploy an obfuscated Golang binary, which contains an encrypted configuration with critical system information. The malware establishes persistence by creating cron jobs and modifying access controls. The actor also creates high-privilege roles for continued access and weakens the default admin user. The analysis identified three wallets associated with the campaign, with each wallet having around 550 workers. The Wiz Dynamic Scanner can identify exposed PostgreSQL services, while the Wiz Runtime Sensor detects malicious activities associated with this threat. The report includes specific wallet addresses, a file hosting service, and file hashes related to the malware. Techniques used by the malware align with various MITRE ATT&CK® techniques, including credential access, defense evasion, and resource hijacking.