Cryptocurrency-mining criminals that netted $3 million gear up for more

Money. (credit: AMC)

Researchers have uncovered what they said is one of the biggest malicious currency mining operations ever, with more than $3 million worth of digital coin. Now, the operators are gearing up to make more.

The unknown criminals generated the windfall over the past 18 months. The campaign has mainly exploited critical vulnerabilities on Windows computers and then, after gaining control over them, installed a modified version of XMRig, an open-source application that mines the digital coin known as Monero. While the group has used a variety of mining services, it has continued to dump the proceeds into a single wallet. As of last week, the wallet had received payouts of almost 10,829 Monero, which, at current valuations, are worth more than $3.4 million.

“The perpetrator, allegedly of Chinese origin, has been running the XMRig miner on many versions of Windows and has already


Attackers used Telegram to deliver cryptocurrency-mining malware

Kaspersky Lab says it spotted evidence of a vulnerability in the desktop version of Telegram that allowed attackers to install cryptocurrency mining malware on users’ computers. The zero-day exploit was used to trick Telegram users into downloading malicious files, which could then be used to deliver cryptocurrency mining software and spyware. According to Kaspersky, those behind the exploit used the computers their malware had been installed on to mine digital currencies like Monero, Zcash, Fantomcoin and others. Kaspersky also says it found a stolen cache of Telegram data on one of the attackers’ servers.

Via: Bloomberg

Source: Kaspersky

The harmful drive-by currency mining scourge shows no signs of abating

Aw, damn. (credit: cibomahto)

The scourge of drive-by currency mining—in which websites and apps covertly run resource-draining code on other people’s devices—shows no sign of abating. Over the weekend, researchers added two more incidents: one involves more than 4,200 sites (some operated by government agencies), while the other targets millions of Android devices.

The first incident affected sites that offer a free text-to-speech translation service called Browsealoud. On Sunday, someone changed the JavaScript code hosted here to include currency-mining code from Coinhive, a controversial site that uses the devices of site visitors, usually without their permission, to generate digital coin known as Monero.

In the process, any site that included a link to the Browsealoud JavaScript suddenly saddled its visitors with code that, by default, uses 100 percent of its CPU resources, with no attempt to warn end users or get their permission. Search results show that the breach


Now even YouTube serves ads with CPU-draining cryptocurrency miners

(credit: Diego Betto)

YouTube was recently caught displaying ads that covertly leach off visitors’ CPUs and electricity to generate digital currency on behalf of anonymous attackers, it was widely reported.

Word of the abusive ads started no later than Tuesday, as people took to social media sites to complain their antivirus programs were detecting cryptocurrency mining code when they visited YouTube. The warnings came even when people changed the browser they were using, and the warnings seemed to be limited to times when users were on YouTube.

Hackers find new ways to print digital money for free

(credit: US Treasury Department)

The sky-high valuations of cryptocurrencies aren’t lost on hackers, who are responding with increasingly sophisticated attacks that covertly harness the computers and electricity of unwitting people to generate digital coins worth large sums of money.

One example is a recently uncovered mass hack of servers that has mined about $6,000 worth of the cryptocurrency known as AEON in the past 23 days. Based on the rate the underlying cryptographic hashes are being generated, Morphus Labs Chief Research Officer Renato Marinho estimated that about 450 separate conscripted machines are participating. Marinho analyzed one of the servers and found that attackers gained control over it by exploiting CVE-2017-10271, a critical vulnerability in Oracle’s WebLogic package that was patched in October. The owner of the compromised server, however, had yet to install the fix.

“The exploit is pretty simple to execute and comes with a Bash script to


Cryptojacking craze that drains your CPU now done by 2,500 sites

A music streaming site that participated in Coinhive crypto mining maxes out the visitor’s CPU. (credit: Malwarebytes)

A researcher has documented almost 2,500 sites that are actively running cryptocurrency mining code in the browsers of unsuspecting visitors, a finding that suggests the unethical and possibly illegal practice has only picked up steam since it came to light a few weeks ago.

Willem de Groot, an independent security researcher who reported the findings Tuesday, told Ars that he believes all of the 2,496 sites he tracked are running out-of-date software with known security vulnerabilities that have been exploited to give attackers control. Attackers, he said, then used their access to add code that surreptitiously harnesses the CPUs and electricity of visitors to generate the digital currency known as Monero. About 80 percent of those sites, he added, also contain other types of malware that can steal visitors’ payment


Forest Service suggests Trump could reopen uranium mining near Grand Canyon

Canyon Uranium Mine Tower, Arizona, 2013. (credit: Kaibab National Forest)

The US Forest Service recently submitted a report (PDF) to the Trump Administration, suggesting that an Obama-era order could be revised to allow uranium mining on National Forest land, reopening old tensions in an area that sustains tribal interests, mining operations, and outdoor activities.

The report was submitted in response to a March presidential order requiring all agencies to review their body of rules, policies, and guidelines pertaining to energy development in the United States. Agencies were directed to provide the White House with a list of items that might weigh down the development of domestic energy resources “with particular attention to oil, natural gas, coal, and nuclear energy resources,” according to the Forest Service, which is an agency within the US Department of Agriculture (USDA).

The Forest Service ultimately outlined 15 agency rules, regulations, and agreements that could


A surge of sites and apps are exhausting your CPU to mine cryptocurrency

A cryptocurrency mining farm. (credit: Marco Krohn)

The Internet is awash with covert crypto currency miners that bog down computers and even smartphones with computationally intensive math problems called by hacked or ethically questionable sites.

The latest examples came on Monday with the revelation from antivirus provider Trend Micro that at least two Android apps with as many as 50,000 downloads from Google Play were recently caught putting crypto miners inside a hidden browser window. The miners caused phones running the apps to run JavaScript hosted on Coinhive.com, a site that harnesses the CPUs of millions of PCs to mine the Monero crypto currency. In turn, Coinhive gives participating sites a tiny cut of the relatively small proceeds. Google has since removed the apps, which were known as Recitiamo Santo Rosario Free and SafetyNet Wireless App.

Last week, researchers from security firm Sucuri warned that at


King under the mountain: Building Colorado’s Cold War command center

COLORADO SPRINGS, CO—Across the highway from the US Air Force Academy is a tiny cluster of buildings that represents one of Colorado Springs’ earliest claims to fame: mining.

The Western Museum of Mining and Industry (WMMI) looks out onto a glorious expanse of the Rocky Mountains and is home to all manner of antique equipment that extracted minerals from those mountains.

But on a balmy April night, as a spring snowstorm rolled in from the west, Ars attended a lecture at the museum about a nearby mining marvel that was not intended to extract riches, but


Amnesty International report: Children mine cobalt used in gadget batteries

(credit: UNICEF)

Children as young as seven years old are working for up to $2 daily mining in dangerous conditions to gather cobalt used in lithium batteries for 16 multinational corporations like Apple, Microsoft, Samsung, Sony, and others, according to Amnesty International.

If true, a report by the human rights group about mining conditions in the Democratic Republic of Congo counters claims by gadget producers that child labor is not involved in their production stream. The report said at least 80 miners have died in the past year in the DRC, which produces about half the world’s cobalt. Unicef estimates that there are as many as 40,000 child miners in the region. Amnesty International interviewed dozens of workers, who usually wear no protective clothing while toiling long hours.

A 14-year-old orphan named Paul said he works so long underground that “I had to relieve myself down in the tunnels,”


President signs pro-asteroid mining bill into law

And just like that, American asteroid mining efforts are legal. President Obama has signed the US Commercial Space Launch Competitiveness Act (CSLCA) into law following Congress' approval, letting companies keep whatever resources they collect beyon...

Recommended Reading: Marvel’s ‘Jessica Jones’ is a different kind of hero


Recommended Reading highlights the best long-form writing on technology and more in print and on the web. Some weeks, you'll also find short reviews of books that we think are worth your time. We hope you enjoy the read.

Marvel's Astounding 'Jess…

Congress approves space mining, minus regulation


American companies now have the all-clear to pursue their dreams of mining in space. Both the House of Representatives and the Senate have passed the US Commercial Space Launch Competitiveness Act, a measure that lets US companies own any non-orga…

South American ice chemistry records rise of Incas, arrival of Spanish

Ice cores are often relied on to be natural archives of past climate, capturing information that predates both our measurements and our greenhouse gas emissions. They’re a way of having records of the natural world that we don’t have a history of. However, natural archives like these can also act as records of human history, either directly (via fossils or artifacts) or indirectly.

In mountainous regions, glacial ice doesn’t go as deep into the past as in Greenland or Antarctica, but it can tell stories of the recent past with excellent resolution. Airborne pollutants, for example, stand out sharply in measurements of the ice. They don’t say “pure as the driven snow” for nothing.

Not much of this kind of work has been done in South America, though. Some lake sediment archives have shown the influence of local mining, but the timeline was fuzzy. In a new study, a team led by Chiara Uglietti, now at Switzerland’s Paul Scherrer Institute, has produced a detailed ice core record of air pollution from Peru’s Quelccaya Ice Cap that goes back to the year 793.


Farewell to Arscoin: Preparing to kill our cryptocurrency

Aurich Lawson

All good things must come to an end, and the time is approaching when Arscoin, our experimental cryptocurrency, will soon be joining Susan B. Anthony dollars in the great retired currency bank in the sky. It’s been a fun experiment—both to set up and to watch—but it has served its purpose.

And what, exactly, was that purpose? Certainly not to create a new form of money invested with actual value; Arscoins have fungibility, but not liquidity (not inherently, anyway). We wanted to explore the actual process of creating a cryptocurrency. Unlike a physical fiat currency like US dollars, which require both expensive means of production and also substantial assurances of value (“the full faith and credit” of the United States government), dashing off a cryptocurrency based on the Bitcoin or Litecoin source code requires essentially no effort or capital investment. We spent more time setting up servers and applications than we did actually doing anything resembling traditional banking.

Value, though, is where you find it. We took steps to keep Arscoin behind a “glass bubble,” ensuring that the blockchain remained only on our servers rather than setting it free (which is arguably a fundamental requirement for any “real” cryptocurrency to thrive—that lack of centralized control and massive decentralized transaction verification). Instead of a currency exchange, we set up a store where users could buy hats and colored usernames. “Withdrawing” Arscoins from the system wasn’t really possible—you could certainly send them to other Ars users’ online wallet addresses, but we didn’t make offline wallets available. The only way to turn them into “real” money would be by a physical trade, and even then, Arscoins would only move between online wallets on Ars Technica-controlled servers.


Apps with millions of Google Play downloads covertly mine cryptocurrency

Update: About 12 hours after this post went live, one of the two mentioned Android apps, Prized, was no longer available in Google Play. The other app, Songs, remained. Google representatives sent Ars an e-mail saying they won’t be commenting on this report. The Google Play developer policy is here. Among other things, it requires that apps that engage in distributed computing behavior include up front disclosure that establishes user knowledge and obtains explicit consent.

Researchers said they have uncovered two apps that were downloaded from the official Google Play market more than one million times that use Android devices to mine the Litecoin and Dogecoin cryptocurrencies without explicitly informing end users.

According to a blog post published Tuesday by a researcher from antivirus provider Trend Micro, the apps are Songs, installed from one million to five million times, and Prized, which was installed from 10,000 to 50,000 times. Neither the app descriptions nor their terms of service make clear that the apps subject Android devices to the compute-intensive process of mining, Trend Micro Mobile Threats Analyst Veo Zhang wrote. As of Wednesday afternoon, the apps were still available.


Rare earth recycling: Is it worth it?

Problems with rare earth metal supply have led to the reopening of this mine in California.

Rare earth metals are absolutely critical to modern life. Fiber optic communications require erbium. Neodymium is a critical component in modern permanent magnets. Without a steady supply of rare earth metals, we would find ourselves in some difficulty, and things may get even more critical in the future—quantum memory may lie in the hands of praseodymium.

Despite this need for rare earth metals, pretty much the entire supply comes from one country: China. In 2010, politicians finally noticed this, as China started restricting its export. In response, a team of researchers from the Netherlands and the United Kingdom have been investigating our ability to recycle rare earth metals.

China’s open-pit mines

In an apparent response to environmental pressure, China began to restrict the exportation of rare earth metals in 2010. At the time, China controlled 95 percent of the market. Manufacturers were rocked by the price fluctuations, eventually complaining to the World Trade Organization in an effort to stabilize supply. Even if you’re suspicious of China’s true motives, mining rare earths is a dirty job, involving some pretty vicious acids, bases, solvents—and the whole process raises the risk of miners breathing in a serious amount of radioactive dust. So whatever China’s underlying motive was, cleaning up the mining industry is a good thing.


The Arscoin rollout, through the eyes of the server administrators

“Make a cryptocurrency,” they said. “All the cool kids are doing it,” they said. And so we did. And for most of launch day, it fell on its ass and flailed around like a dying giraffe.

Cyrus Farivar’s piece on Arscoin tells you how the currency was created, and Andrew Cunningham’s piece on mining tells you how to get them. But while Cyrus and Andrew and other staffers were busy in early January ferreting out the means to create Arscoin, tech wizard Lee Aylward and I had our own task: we had to figure out what kind of infrastructure we needed to put behind our funny money. Getting it working proved to be frustrating and occasionally hilarious—and, as is so typical with the Internet, once launch day hit all the planning and preparation went flying out the window.

Now that we’re on our third day of public Arscoin mining, things seem to be mostly stable. But what exactly goes into the backend of a scrypt-based mining operation? How do pools look from the administrative side? What kind of hamster-powered wreck of a server did we choose to host this on? Why didn’t we plan better, and what kind of magic did we throw at this mess to make it work right? And that stuff we did to fix the pool—why didn’t we just do that in the first place?


Dear wannabe Bitcoin miners: If it seems too good to be true, it’s probably 4Chan

The allure of Bitcoin is understandable. In the past, the digital currency’s price has fluctuated wildly, growing in value at an incredible rate. What does a Bitcoin currently cost? It changes by the hour. And outside of buying them at market rates, the only way to get Bitcoins is a complicated mining process. As with any gold rush, there are always suckers to be found, and the pranksters at 4chan are always ready to mess with them.

Today, the denizens of 4chan’s infamous /b/ board, an anarchist playground for horrific images and incredibly cruel jokes, released the image you see above. It purports to tell users how to unlock a secret Bitcoin mining program in the Mac OS. Instead, it directs them to delete essential files on their computer, effectively killing the machine. 4chan is in no way safe for work, so take that into consideration before Google searching the site.

The Daily Dot was able to find a few users who were dumb enough to try unsolicited secret money-making information they found on the internet. So here’s our helpful three-step guide for not getting tricked into bricking your own computer.

1. When you discover something online that’s too good to be true, stop and think before acting.

2. Don’t worry about thinking with your gut. Do a Google search and see if a reputable source has replicated the results. If not, leave well enough alone unless it’s a neat lifehack for crisping potatoes.

3. If the original source of information was an infographic you saw online and it’s not just a neat lifehack for crisping potatoes, skip step 2 and simply don’t take the advice.

Stay safe out there.

Dear wannabe Bitcoin miners: If it seems too good to be true, it’s probably 4Chan originally appeared on TUAW – The Unofficial Apple Weblog on Thu, 12 Dec 2013 17:30:00 EST.