September 12, 2017

Over 1.65 Million Computers Infected With Cryptocurrency Miners in 2017 So Far

Over 1.65 Million Computers Infected With Cryptocurrency Miners in 2017 So Far

By Catalin Cimpanu
September 12, 2017 08:33 AM 0
Cryptocurrency mining malware evolution

Telemetry data collected by Kaspersky Lab shows that in the first nine months of 2017, malware that mines for various types of cryptocurrencies has infected more than 1.65 million endpoints.

According to Kaspersky, detections for cryptocurrency mining trojans rose from a lowly 205,000 infections in 2013 to nearly 1.8 million in 2016, and 2017 looks like it will easily surpass that number.

Zcash and Monero miners on the rise


Of all virtual currencies, Zcash and Monero were the favorites, primarily because of their support for anonymous transactions, which comes in handy to anyone looking to hide a money trail from criminal operations.

While Monero is a long-time favorite of cryptocurrency mining trojans, Zcash is a recent addition, as the cryptocurrency launched only last November.

Nonetheless, one month later, several criminal mining operations had adopted the currency, with one group's earnings estimated at $75,000/year/~1,000 computers.

A review of past major operations


Since last year, the rise in cryptocurrency mining malware distribution was easily observable by the number of reports put out by cyber-security firms. Such reports often help infosec industry observers to gauge new trends.

Below is a list with the most important malware distribution campaigns that pushed cryptocurrency miners in 2017.

⬗ Terror Exploit Kit dropped a Monero miner back in January
⬗ Even some Mirai botnet variants tested a cryptocurrency mining function
⬗ Adylkuzz cryptocurrency miner deployed via EternalBlue NSA exploit
⬗ Bondnet botnet installed Monero miners on around 15,000 computers, mostly Windows Server instances
⬗ Linux.MulDrop.14 malware mines for cryptocurrency using Raspberry Pi devices exposed online
⬗ Crooks targeted Linux servers via SambaCry exploit to deploy EternalMiner malware.
⬗ Trojan.BtcMine.1259 miner uses NSA's DobulePulsar to infect Windows computers
⬗ DevilRobber cryptocurrency miner became the second most popular Mac malware in July
⬗ Linux.BTCMine.26, a Monero miner that included references to Brian Krebs in its source code.
⬗ CoinMiner campaign that used EternalBlue and WMI to infect users
⬗ Zminer trojan found infecting Amazon S3 servers
⬗ CodeFork gang used fileless malware to push a Monero miner
⬗ Hiking Club malvertising campaign dropped Monero miners via Neptune Exploit Kit
⬗ A CS:GO cheat that delivered a Monero miner for MacOS users
⬗ Jimmy banking trojan adds support for a Monero miner
⬗ New Monero miner advertised via Telegram

These are only some of the major campaigns, but there are countless of other smaller operations that went unreported.

If you're wondering why is this rise in cryptocurrency mining malware taking place, the answer is quite simple. During the past year, trading prices for virtual currencies have skyrocketed across the board, almost for all major cryptocurrencies. Bitcoin, Monero, Ethereum, Zcash, and others, have seen huge price spikes that have fueled market speculation and attracted both legitimate users and the criminal underground looking to make a quick buck.

Continue reading "Over 1.65 Million Computers Infected With Cryptocurrency Miners in 2017 So Far"
Posted by iang at 10:57 AM | Comments (0)

September 10, 2017

Syrian Passports in hands of ISIS

In the long running thread about controversial identification documents, RT reports:

German authorities believe that Islamic State terrorists have stolen over 11,000 blank Syrian passports, confidential documents seen by the Bild am Sonntag newspaper reportedly reveal. German Investigators have made a list of the serial numbers of the blank passports, the newspaper reported, citing confidential documents of the German Federal Criminal Police Office (BKA), the interior ministry and the country's federal police (BPOL).

“According to BKA information, there are 11,100 Syrian blank passports… in the hands of the IS [Islamic State, also known as ISIS/ISIL],” the documents from the interior ministry reportedly state. In total, 18,002 blank Syrian passports were stolen from the Syrian government, Bild am Sonntag reported.

Developments in connection with the refugee question have shown that terrorist organizations are using the opportunity to infiltrate potential IS attackers into Europe undetected, a BKA official told the paper.

Fake or altered passports are mostly used “for illegal entry without further motives like carrying out a terrorist attack,” the official added.

According to the documents seen by Bild, at least 8,625 passports checked by German migration authorities in 2016 turned out to be counterfeits.

No news of prices.

Posted by iang at 08:40 PM | Comments (0)