Saturday, June 15, 2024

Cryptocurrency-mining Malware Sold in Underground Markets Targeting IoT Devices

Starting from 2018 cyber threat landscape shifted from Ransomware to Cryptocurrency mining attacks, attackers targeted a number of internet portals and different kinds of servers. Hackers taking each and every probability for mining cryptocurrencies, even they inserted Cryptocurrency mining malware with the embedded videos in word documents.

The Cryptocurrency mining attacks not limited to computer’s, almost every device that connected to the Internet may be a part of it. Cryptomalware based on two methods stealing cryptocurrency and mining cryptocurrency.

Cryptocurrency-mining malware consumes the system resources and utilizes them for mining cryptocurrencies without user permissions. The Cryptocurrency-stealing malware targets wallet address on local storages on various devices and replaces its own address.

Trend Micro researchers published a research report on how cryptocurrency-mining malware is being offered in the underground hacking forums and how the advertised features compare against one another.

Researchers spotted latest offerings of a Monero (XMR) cryptocurrency-mining malware called DarkPope in underground markets offered for $49 with 24/7 support.
Not only the cryptocurrency-mining malware they also offer cryptocurrency-stealing malware ” researchers spotted a piece of cryptocurrency-stealing malware called Pony that offered for $20.”

“We believe this is a huge trend, one that is unlikely to go away anytime soon. We have seen miners moving from bitcoin to Ethereum and now embracing Monero and Zcash. Some criminals have also started conversations about MoneroV, which hasn’t even been released yet.” reads Trend Micro report.

Also read Hackers Illegally Purchasing Abused Code-signing & SSL Certificates From Underground Market

When compared to computers or laptop the smartphones and IoT devices having very less computing power, but attackers creating cryptocurrency-mining malware targeting to infect these devices

The cryptocurrency-mining malware like Hiddenminer uses the all the computational power in mobile devices for mining and could cause the device to overheat and potentially fail.

“It will appear that cryptocurrency malware is gaining traction as a subject in forums within the cybercriminal underground. but still, it is not as profitable as other criminals may think — at least not yet.”

To mitigate from falling to cryptojacking attacks regularly update your device firmware, Don’t use default credentials, stay vigil against known attack vectors.


Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles