ALERTS CRYPTOCURRENCY




DATE  NAME  CATEGORY  SUBCATEGORY  INFO

1.11.24

TeamTNT targets cloud-native environments in new cryptojacking campaign

ALERTS

CRYPTOCURRENCY

A new campaign by the cryptojacking group TeamTNT has been reported targeting cloud-native environments for cryptocurrency mining and reselling compromised servers. They exploit exposed Docker daemons to deploy Sliver malware, cyber worms and cryptominers, gaining access through exposed Docker ports and using compromised Docker Hub accounts to spread malware and rent out victims' computational power.

27.10.24

North Korean hackers target cryptocurrency users on LinkedIn with RustDoor malware

ALERTS

CRYPTOCURRENCY

In early September, the FBI warned of North Korean threat actors targeting the crypto industry. A campaign has been reported where these actors attempt to lure potential victims on LinkedIn to deliver RustDoor malware. One user was approached by someone impersonating a recruiter for a legitimate decentralized cryptocurrency exchange (DEX) technology firm, supported by professional-looking websites to enhance the legitimacy of the fake entities.

20.8.24

Crypto Investment Scams Posing as Tesla

ALERTS

CRYPTOCURRENCY

A recent report reveals that attackers are exploiting Tesla's name to promote cryptocurrency scams. These scammers have registered domains containing 'Tesla' to deceive users into visiting malicious links. The links lead to the download of a harmful Android application, which is promoted on social platforms such as YouTube and Telegram.

9.8.24

Cryptocurrency-themed lure sites used for phishing attacks

ALERTS

CRYPTOCURRENCY

Threat actors are creating thousands of cryptocurrency-themed lure sites used for phishing attacks that target users of cryptocurrency wallet brands like MetaMask, WalletConnect, Coinbase, Trezor, Ledger, Bitget, Exodus, Phantom, and others. These actors are using free hosting services such as Gitbook and Webflow to create lure sites on crypto wallet typo-squatter subdomains like the following.

7.8.24

Trust (Crypto) Wallet users targeted with a new phishing wave

ALERTS

CRYPTOCURRENCY

Trust Wallet is a crypto wallet that provides its users services such as buying, selling, storing, swapping and managing their cryptocurrencies. Lately, Symantec has observed phish runs that impersonate Trust Wallet services and entice users to open fake notification emails.

27.7.24

SeleniumGreed cryptomining operation

ALERTS

CRYPTOCURRENCY

SeleniumGreed is a recently disclosed cryptomining operation observed in the wild. The campaign targets exposed versions of Selenium Grid, a component of the Selenium open-source automation framework used for testing web applications.

18.7.24

Jenkins Script Console exploited for cryptocurrency mining

ALERTS

CRYPTOCURRENCY

Improperly configured Jenkins Script Console instances (such as Jenkins Groovy plugin) have been weaponized by attackers, leading to criminal activities such as the deployment of cryptocurrency miners and backdoors to gather sensitive information.

10.7.24

Water Sigbin exploits vulnerabilities to deliver cryptocurrency miner

ALERTS

CRYPTOCURRENCY

The threat actor Water Sigbin (aka 8220 Gang) has exploited vulnerabilities in the Oracle WebLogic Server (CVE-2017-3506 and CVE-2023-21839) to deliver a cryptocurrency miner called XMRig to the compromised systems.

26.6.24

Web Shell attack used for deployment of XMRig coinminer

ALERTS

CRYPTOCURRENCY

Web shell attacks are a common technique used by attackers to maintain persistence and remotely access web servers during cyberattacks. They enable attackers to exploit compromised online applications through predefined phishing methods. Web shells provide attackers with the ability to execute commands on a server while evading detection by blending in with legitimate website traffic.

18.6.24

Cryptojacking campaign exploiting Docker engine vulnerabilities

ALERTS

CRYPTOCURRENCY

A new cryptojacking campaign targeting publicly exposed Docker Engine hosts has been observed. It is presumed to be associated with the threat actors behind the previously seen malware campaign dubbed Spinning YARN. The attack vector starts by scanning for open port 2375 and deploying an Alpine Linux container.

12.6.24

DERO cryptojacking operation targeting Kubernetes infrastructure

CRYPTOCURRENCY

Dero, a cryptocurrency, offers better privacy, anonymity and faster rewards than Monero, and is often used in cryptojacking according to a March 2023 report. A recent report from a threat researcher discussed the cryptojacking campaign's evolution, where the attack vector involves exploiting an externally accessible Kubernetes API server with anonymous authentication enabled. After gaining access, the attacker deployed cryptominer workloads across various Kubernetes namespaces using benign names to evade detection.

6.6.24

RedTail cryptomining malware exploiting PAN-OS vulnerability

ALERTS

CRYPTOCURRENCY

RedTail cryptocurrency mining malware has added a PAN-OS vulnerability to its exploit arsenal. PAN-OS CVE-2024-3400 is a now-patched vulnerability that allows an attacker to execute an arbitrary code file with root user privileges. Exploiting this PAN-OS vulnerability and executing the commands successfully can lead to the downloading of the RedTail payload. This malware employs advanced evasion and persistence techniques. RedTail has also used other propagation mechanisms involving other vulnerability exploits (such as CVE-2023-46805 and CVE-2024-21887).

31.5.24

Unveiling cryptocurrency mining tactic of the 8220 Gang

ALERTS

CRYPTOCURRENCY

The 8220 Gang, a widely recognized threat actor based in China and driven by financial motives, has been active since 2017. Specializing in deploying cryptocurrency-mining malware, they primarily target cloud-based environments and Linux servers, exploiting known application vulnerabilities as part of their tactics, techniques, and procedures (TTPs).