Remove Antivirus Remove Cryptocurrency Remove DNS
article thumbnail

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus 138
article thumbnail

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . Researchers from Avast have spotted a strain of cryptocurrency miner, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. ” reads the analysis published by Avast.

Antivirus 144
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Satacom delivers browser extension that steals cryptocurrency

SecureList

It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. To do so, it performs a DNS request to don-dns[.]com com (a decrypted HEX string) through Google DNS (8.8.8.8,

article thumbnail

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

Oddly, none of the several dozen antivirus tools available to scan the file at Virustotal.com currently detect it as malicious. I first heard about the domain in December 2020, when a reader told me how his entire network had been hijacked by a cryptocurrency mining botnet that called home to it. I’d been doxed via DNS.

Hacking 357
article thumbnail

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

SecureList

SteelFox resolves this via Google Public DNS and DNS over HTTPS (DoH). GitHub payloads After that, the malware resolves the IP address behind the ankjdans[.]xyz xyz domain which serves as a C2 server. Although the domain is hardcoded, switching IPs behind it helps the attacker remain undetected. communication.

Software 125
article thumbnail

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Experts pointed out that the number of infected systems could be far greater because data provided by AVAST are only related to systems running their antivirus solution.

DNS 145
article thumbnail

Ad blocker with miner included

SecureList

Some time ago, we discovered a number of fake apps delivering a Monero cryptocurrency miner to user computers. Back then, cybercriminals distributed malware under the guise of the Malwarebytes antivirus installer. Back then, cybercriminals distributed malware under the guise of the Malwarebytes antivirus installer.

DNS 145