Apple approved a Mac app with a misbehaving crypto-mining feature

You’d think apps with crypto-miners could only be found in various shady venues on the internet. But that’s apparently not the case: a popular alternative for the Mac calendar called Calendar 2 recently gave people a way to unlock its Premium features by bundling in a Monero miner with a recent update. And, yes, it was available for download straight from iTunes — it’s just not clear whether it slipped past Apple’s watchful eye or if the tech titan really approved it. While you’re supposed to agree to switch the miner on in a dialog box, at least one person is saying that it launched without his permission.

Source: Ars Technica

Attackers used Telegram to deliver cryptocurrency-mining malware

Kaspersky Lab says it spotted evidence of a vulnerability in the desktop version of Telegram that allowed attackers to install cryptocurrency mining malware on users’ computers. The zero-day exploit was used to trick Telegram users into downloading malicious files, which could then be used to deliver cryptocurrency mining software and spyware. According to Kaspersky, those behind the exploit used the computers their malware had been installed on to mine digital currencies like Monero, Zcash, Fantomcoin and others. Kaspersky also says it found a stolen cache of Telegram data on one of the attackers’ servers.

Via: Bloomberg

Source: Kaspersky

The harmful drive-by currency mining scourge shows no signs of abating

The scourge of drive-by currency mining—in which websites and apps covertly run resource-draining code on other people’s devices—shows no sign of abating. Over the weekend, researchers added two more incidents: one involves more than 4,200 sites (some operated by government agencies), while the other targets millions of Android devices.

The first incident affected sites that offer a free text-to-speech translation service called Browsealoud. On Sunday, someone changed the JavaScript code hosted here to include currency-mining code from Coinhive, a controversial site that uses the devices of site visitors, usually without their permission, to generate digital coin known as Monero.

In the process, any site that included a link to the Browsealoud JavaScript suddenly saddled its visitors with code that, by default, uses 100 percent of its CPU resources, with no attempt to warn end users or get their permission. Search results show that the breach

In just 24 hours, 5,000 Android devices are conscripted into mining botnet

A fast-moving botnet that appeared over the weekend has already infected thousands of Android devices with potentially destructive malware that mines digital coins on behalf of the unknown attackers, researchers said.

The previously unseen malware driving the botnet has worm-like capabilities that allow it to spread with little or no user interaction required, researchers with Chinese security firm Netlab wrote in a blog post published Sunday. Once infected, Android phones and TV boxes scan networks for other devices that have Internet port 5555 open. Port 5555 is normally closed, but a developer tool known as the Android Debug Bridge opens the port to perform a series of diagnostic tests. Netlab’s laboratory was scanned by infected devices from 2,750 unique IPs in the first 24 hours the botnet became active, a figure that led researchers to conclude that the malware is extremely fast moving.

“Overall, we think

Hackers turn WebLogic, PeopleSoft servers into cryptocoin miners

If “java” suddenly dies on your WebLogic or PeopleSoft server, you may be getting mined for Monero. (credit: David Cairns / Getty Images)

In a report published on January 7 by SANS Technology Institute, Morphus Labs researcher Renato Marinho revealed what appears to be an ongoing worldwide hacking campaign by multiple attackers against PeopleSoft and WebLogic servers that leverages a Web application server vulnerability patched by Oracle late last year.

These attackers aren’t stealing data from victims, however—at least as far as anyone can tell. Instead, the exploit is being used to mine cryptocurrencies. In one case, according to analysis posted today by SANS Dean of Research Johannes B. Ullrich, the attacker netted at least 611 Monero coins (XMR)—$226,000 worth of the cryptocurrency.

The attacks appear to have leveraged a proof-of-concept exploit of the Oracle vulnerability published in December by Chinese security researcher Lian Zhang. Almost immediately after

Cryptojacking craze that drains your CPU now done by 2,500 sites

A music streaming site that participated in Coinhive crypto mining maxes out the visitor’s CPU. (credit: Malwarebytes)

A researcher has documented almost 2,500 sites that are actively running cryptocurrency mining code in the browsers of unsuspecting visitors, a finding that suggests the unethical and possibly illegal practice has only picked up steam since it came to light a few weeks ago.

Willem de Groot, an independent security researcher who reported the findings Tuesday, told Ars that he believes all of the 2,496 sites he tracked are running out-of-date software with known security vulnerabilities that have been exploited to give attackers control. Attackers, he said, then used their access to add code that surreptitiously harnesses the CPUs and electricity of visitors to generate the digital currency known as Monero. About 80 percent of those sites, he added, also contain other types of malware that can steal visitors’ payment

Researchers say WannaCry operator moved bitcoins to “untraceable” Monero

When the master or masters of the WannaCry cryptoransomware worm emptied the bitcoin wallets associated with the malware earlier this week, they apparently did so to make future movement of the funds more anonymous. According to researchers at the Italian information security firm Neutrino, the bitcoin were exchanged for XMR, the “untraceable” private digital currency backed by Monero.

On Wednesday, the 52.2 bitcoins in the wallet were drained out over nine transactions, as detected by a bot created by Quartz’s Keith Collins. Neutrino researchers traced the moved bitcoins to wallets associated with Monero.

Monero is a private digital currency that is focused on anonymity. While it is based on blockchain like other cryptocurrencies and uses distributed consensus for all transactions to prevent wallet hacking, it uses “ring signatures”—an anonymous cryptographic signature scheme—to sign transactions. This makes it impossible to tell which parties were involved in
