ALERTS CRYPTOCURRENCY
DATE | NAME | CATEGORY | SUBCATEGORY | INFO |
1.11.24 | TeamTNT targets cloud-native environments in new cryptojacking campaign | ALERTS | CRYPTOCURRENCY | A new campaign by the cryptojacking group TeamTNT has been reported targeting cloud-native environments for cryptocurrency mining and reselling compromised servers. They exploit exposed Docker daemons to deploy Sliver malware, cyber worms and cryptominers, gaining access through exposed Docker ports and using compromised Docker Hub accounts to spread malware and rent out victims' computational power. |
27.10.24 | North Korean hackers target cryptocurrency users on LinkedIn with RustDoor malware | ALERTS | CRYPTOCURRENCY | In early September, the FBI warned of North Korean threat actors targeting the crypto industry. A campaign has been reported where these actors attempt to lure potential victims on LinkedIn to deliver RustDoor malware. One user was approached by someone impersonating a recruiter for a legitimate decentralized cryptocurrency exchange (DEX) technology firm, supported by professional-looking websites to enhance the legitimacy of the fake entities. |
20.8.24 | Crypto investment scams posing as Tesla | ALERTS | CRYPTOCURRENCY | A recent report reveals that attackers are exploiting Tesla's name to promote cryptocurrency scams. These scammers have registered domains containing 'Tesla' to deceive users into visiting malicious links. The links lead to the download of a harmful Android application, which is promoted on social platforms such as YouTube and Telegram. |
9.8.24 | Cryptocurrency-themed lure sites used for phishing attacks | ALERTS | CRYPTOCURRENCY | Threat actors are creating thousands of cryptocurrency-themed lure sites used for phishing attacks that target users of cryptocurrency wallet brands such as MetaMask, WalletConnect, Coinbase, Trezor, Ledger, Bitget, Exodus, Phantom and others. These actors are using free hosting services such as GitBook and Webflow to create lure sites on crypto wallet typo-squatted subdomains like the following. |
7.8.24 | Trust (Crypto) Wallet users targeted with a new phishing wave | ALERTS | CRYPTOCURRENCY | Trust Wallet is a crypto wallet that provides its users services such as buying, selling, storing, swapping and managing their cryptocurrencies. Lately, Symantec has observed phishing runs that impersonate Trust Wallet services and entice users to open fake notification emails. |
27.7.24 | SeleniumGreed cryptomining operation | ALERTS | CRYPTOCURRENCY | SeleniumGreed is a recently disclosed cryptomining operation observed in the wild. The campaign targets exposed versions of Selenium Grid, a component of the Selenium open-source automation framework used for testing web applications. |
18.7.24 | Jenkins Script Console exploited for cryptocurrency mining | ALERTS | CRYPTOCURRENCY | Improperly configured Jenkins Script Console instances (such as the Jenkins Groovy plugin) have been weaponized by attackers, leading to criminal activity such as the deployment of cryptocurrency miners and of backdoors used to gather sensitive information. |
10.7.24 | Water Sigbin exploits vulnerabilities to deliver cryptocurrency miner | ALERTS | CRYPTOCURRENCY | The threat actor Water Sigbin (aka 8220 Gang) has exploited vulnerabilities in Oracle WebLogic Server (CVE-2017-3506 and CVE-2023-21839) to deliver a cryptocurrency miner called XMRig to the compromised systems. |
26.6.24 | Web shell attack used for deployment of XMRig coinminer | ALERTS | CRYPTOCURRENCY | Web shell attacks are a common technique used by attackers to maintain persistence and remotely access web servers during cyberattacks. They enable attackers to exploit compromised web applications through predefined phishing methods. Web shells give attackers the ability to execute commands on a server while evading detection by blending in with legitimate website traffic. |
18.6.24 | Cryptojacking campaign exploiting Docker Engine vulnerabilities | ALERTS | CRYPTOCURRENCY | A new cryptojacking campaign targeting publicly exposed Docker Engine hosts has been observed. It is presumed to be associated with the threat actors behind the previously seen malware campaign dubbed Spinning YARN. The attack vector starts by scanning for open port 2375 and deploying an Alpine Linux container. |
12.6.24 | DERO cryptojacking operation targeting Kubernetes infrastructure | ALERTS | CRYPTOCURRENCY | Dero, a cryptocurrency, offers better privacy, anonymity and faster rewards than Monero, and is often used in cryptojacking, according to a March 2023 report. A recent report from a threat researcher discussed the cryptojacking campaign's evolution, where the attack vector involves exploiting an externally accessible Kubernetes API server with anonymous authentication enabled. After gaining access, the attacker deployed cryptominer workloads across various Kubernetes namespaces using benign names to evade detection. |
6.6.24 | RedTail cryptomining malware exploiting PAN-OS vulnerability | ALERTS | CRYPTOCURRENCY | RedTail cryptocurrency mining malware has added a PAN-OS vulnerability to its exploit arsenal. PAN-OS CVE-2024-3400 is a now-patched vulnerability that allows an attacker to execute arbitrary code with root privileges. Exploiting this PAN-OS vulnerability and executing the commands successfully can lead to the download of the RedTail payload. This malware employs advanced evasion and persistence techniques. RedTail has also used other propagation mechanisms involving other vulnerability exploits (such as CVE-2023-46805 and CVE-2024-21887). |
31.5.24 | Unveiling the cryptocurrency mining tactics of the 8220 Gang | ALERTS | CRYPTOCURRENCY | The 8220 Gang, a widely recognized, financially motivated threat actor based in China, has been active since 2017. Specializing in deploying cryptocurrency-mining malware, they primarily target cloud-based environments and Linux servers, exploiting known application vulnerabilities as part of their tactics, techniques and procedures (TTPs). |