SecureList

JUNE 5, 2023

It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. To do so, it performs a DNS request to don-dns[.]com com (a decrypted HEX string) through Google DNS (8.8.8.8,

Cryptocurrency 113

Cryptocurrency DNS Malware Encryption 113

Cisco Security

MARCH 11, 2021

After examining topics such as the MITRE ATT&CK framework , LOLBins , and others, this release will look at DNS traffic to malicious sites. We’ll also look at malicious DNS activity—the number of queries malicious sites receive. Organizations and malicious DNS activity. Overview of analysis. Cryptomining.

DNS 95

DNS Phishing Ransomware Internet 95

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. tmp 2>&1″ Stealing cryptocurrency. Malware infection.

Cryptocurrency 145

Cryptocurrency Malware Accountability Banking 145

Krebs on Security

JULY 15, 2024

The Squarespace domain hijacks, which took place between July 9 and July 12, appear to have mostly targeted cryptocurrency businesses, including Celer Network , Compound Finance , Pendle Finance , and Unstoppable Domains. Monahan said the migration has left domain owners with fewer options to secure and monitor their accounts.

Accountability 325

Accountability Cryptocurrency Passwords DNS 325

Bleeping Computer

JANUARY 22, 2024

Hackers are using a stealthy method to deliver to macOS users information-stealing malware through DNS records that hide malicious scripts. [.]

DNS 106

DNS Malware Cryptocurrency 106

Threatpost

OCTOBER 13, 2020

Researchers warn of a spike in the cryptocurrency-mining botnet since August 2020.

Cryptocurrency 97

Cryptocurrency DNS 97

Krebs on Security

DECEMBER 20, 2018

They accept payment via PayPal, Google Wallet, and/or cryptocurrencies, and subscriptions can range in price from just a few dollars to several hundred per month. ” In such assaults, the perpetrators leverage unmanaged Domain Name Servers (DNS) or other devices on the Web to create huge traffic floods.

DNS 224

DNS Computers and Electronics Government Internet 224

Krebs on Security

SEPTEMBER 26, 2024

The government also indicted and sanctioned a top Russian cybercriminal known as Taleon , whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks. Holden has long maintained visibility into cryptocurrency transactions made by BriansClub. The links have been redacted.

Cryptocurrency 290

Cryptocurrency Cybercrime Retail Government 290

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. GuptiMiner connects directly to malicious DNS servers, bypassing the DNS network entirely. The final payload distributed by GuptiMiner was also XMRig.

Antivirus 131

Antivirus Malware DNS Cryptocurrency 131

Security Affairs

SEPTEMBER 17, 2018

Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. The malicious code combines features from different families of malware such as ransomware, cryptocurrency miners, botnets, and worms. states the report published by Intezer. .

Cryptocurrency 111

Cryptocurrency Malware Ransomware Cybercrime 111

Malwarebytes

JULY 4, 2022

DNS encryption. DNS encryption plugs a gap that makes it easy to track the websites you visit. The domain name system (DNS) is a distributed address book that lists domain names and their corresponding IP addresses. Cryptocurrencies. People may be surprised to see cryptocurrencies appearing in our list.

Internet 124

Internet Internet Technology DNS 124

Krebs on Security

MARCH 28, 2021

I first heard about the domain in December 2020, when a reader told me how his entire network had been hijacked by a cryptocurrency mining botnet that called home to it. I’d been doxed via DNS. “This morning, I noticed a fan making excessive noise on a server in my homelab,” the reader said.

Hacking 363

Hacking Cybercrime DNS Internet 363

Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . Researchers from Avast have spotted a strain of cryptocurrency miner, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. ” reads the analysis published by Avast.

Antivirus 144

Antivirus Cryptocurrency Malware Software 144

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Communication with C&C servers is based on DNS requests and it uses a special mechanism translating DNS results to a real IP address. ” concludes the analysis.”

DNS 145

DNS Internet Internet Malware 145

Bleeping Computer

NOVEMBER 24, 2022

Over 1,600 publicly available Docker Hub images hide malicious behavior, including cryptocurrency miners, embedded secrets that can be used as backdoors, DNS hijackers, and website redirectors. [.].

DNS 94

DNS Cryptocurrency 94

Security Affairs

NOVEMBER 24, 2020

Crooks were able to trick GoDaddy staff into handing over control of crypto-biz domain names in a classic DNS hijacking attack. Crooks were able to hijack traffic and email to various cryptocurrency-related websites as a result of a DNS hijacking attack on domains managed by GoDaddy. SecurityAffairs – hacking, DNS hijacking).

Social Engineering 106

Social Engineering Engineering DNS Accountability 106

Heimadal Security

NOVEMBER 25, 2022

More than 1,600 publicly available images on Docker Hub were found to hide malicious behavior, including DNS hijackers, cryptocurrency miners, website redirectors, and embedded secrets that can be used as backdoors. Docker images serve as templates for quickly and easily building containers with pre-built code and applications.

Malware 96

Malware DNS Cryptocurrency Cybersecurity 96

Security Affairs

JUNE 4, 2020

Hackers hijacked one of the domains of the Japanese cryptocurrency exchange Coincheck and used it for spear-phishing attacks. The Japanese cryptocurrency exchange Coincheck announced that threat actors have accessed their account at the Oname.com domain registrar and hijacked one of its domain names. NS ???????????? awsdns-61[.]org

Accountability 128

Accountability Phishing DNS Cryptocurrency 128

Security Affairs

JANUARY 25, 2021

. “These particular applications are targeted because they often run on systems that have powerful underlying hardware with significant amounts of memory and powerful CPUs—all of which allow threat actors to maximize their ability to monetize these resources through mining cryptocurrency.” Ransomware, data theft).

Cryptocurrency 145

Cryptocurrency Malware DNS Passwords 145

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. The DNS redirection was discovered in a few hours, but it was enough for the hackers to steal more than $800,000 from the accounts of the EtherDelta users.

Hacking 104

Hacking DNS Cryptocurrency Accountability 104

Security Affairs

MARCH 26, 2020

Hackers compromiseD -Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization. Experts from BleepingComputer reported that attackers would change the configured DNS servers to 109 [. 234.35.230 and 94 [. 103.82.249. com winimage.com.

Malware 111

Malware DNS Advertising Cryptocurrency 111

Security Affairs

FEBRUARY 5, 2021

At the end of January, the group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs.

Malware 120

Malware DNS Cryptocurrency Internet 120

Security Affairs

JANUARY 28, 2021

The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn. Set persistence through systemd.

Cryptocurrency 142

Cryptocurrency Cybercrime DNS Malware 142

Krebs on Security

FEBRUARY 26, 2023

The hackers were able to change the Domain Name System (DNS) records for the transaction brokering site escrow.com so that it pointed to an address in Malaysia that was host to just a few other domains, including the then brand-new phishing domain servicenow-godaddy[.]com.

Hacking 324

Hacking Social Engineering Phishing Scams 324

Security Affairs

FEBRUARY 10, 2019

Security experts from Trend Micro have discovered a new strain of coin miner that targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner. “It installs a cryptocurrency-mining malware as well as implant itself into the system and crontabs to survive reboots and deletions.”

Malware 111

Malware Cryptocurrency Advertising DNS 111

Security Affairs

JANUARY 18, 2022

According to the security firm, the group is financially motivated, its cyberespionage campaign hit high value targets such as government and educational institutions, religious movements, pro-democracy and human rights organisations in Hong Kong, Covid-19 research organisations, gambling and cryptocurrency companies, and the media.

Cryptocurrency 137

Cryptocurrency Media Social Engineering Phishing 137

Security Affairs

OCTOBER 15, 2019

. “the actor moved away from hosting the scripts on dedicated servers and instead started to use Domain Name System (DNS) text records. These records are accessed via normal DNS queries or DNS-over-HTTPs ( DoH ) if the DNS query fails. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cybercrime 93

Cybercrime DNS Malware Advertising 93

Security Affairs

FEBRUARY 24, 2021

Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that are abusing Bitcoin (BTC) transactions to implement a backup mechanism for C2. Botnet operators used Redis server scanners to find installs that could be compromised to mine cryptocurrencies. . ” continues the report.

Backups 136

Backups Cryptocurrency DNS Malware 136

SecureList

MARCH 10, 2021

Some time ago, we discovered a number of fake apps delivering a Monero cryptocurrency miner to user computers. After substituting the DNS servers, the malware starts updating itself by running update.exe with the argument self-upgrade (“C:Program Files (x86)AdShieldupdater.exe” -self-upgrade). transmissionbt[.]org.

DNS 145

DNS Antivirus Malware Encryption 145

Bleeping Computer

JULY 23, 2024

Decentralized finance (DeFi) crypto exchange dYdX announced on Tuesday that the website for its older v3 trading platform has been compromised. [.]

DNS 80

DNS Hacking Cryptocurrency 80

Security Affairs

SEPTEMBER 25, 2022

builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S. builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S.

Cryptocurrency 100

Cryptocurrency Data breaches DNS DDOS 100

Security Affairs

MARCH 17, 2022

The news wave of attacks aimed at cryptocurrency firms, most of them located in the U.S. It also looks for scheduled tasks, traffic redirection rules (NAT and other rules), DNS cache poisoning, default port changes, non-default users, suspicious files, as well as proxy, SOCKS and firewall rules. Pierluigi Paganini.

Malware 132

Malware DNS Ransomware Passwords 132

Security Affairs

DECEMBER 19, 2022

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. .

DNS 111

DNS Antivirus Cryptocurrency Software 111

Cisco Security

MAY 3, 2022

Denonia is a cryptocurrency mining software that is specifically designed to run on AWS Lambda, recently discovered by Cado Security on April 6th, 2022. Enter Denonia. It is likely that Denonia has been running prior to this date, so adjust your investigations accordingly. Domains: denonia[.]xyz. ctrl.denonia[.]xyz. gw.denonia[.]xyz.

DNS 135

DNS Threat Detection Software Cryptocurrency 135

eSecurity Planet

JULY 28, 2021

Since blockchain’s arrival, cryptocurrency has framed the technology as permissionless, or a public blockchain. The razzmatazz of cryptocurrency hasn’t helped blockchain’s adoption as a technology beyond finance. More robust security for Domain Name Systems (DNS). The Intersection of Cryptocurrency and Cybersecurity.

Cybersecurity 136

Cybersecurity Cryptocurrency Technology Energy and Utilities 136

SecureList

JANUARY 22, 2024

With this URL, the sample made a request to a DNS server as an attempt to get a TXT record for the domain. This was a fairly interesting and unusual way of contacting a command-and-control server and hiding activity inside traffic, and it guaranteed downloading the payload, as the response message came from the DNS server.

Software 142

Software Computers and Electronics DNS Malware 142

Security Affairs

JANUARY 19, 2021

Supports UDP and TCP packets, but also application layer protocols such as HTTP, DNS, SSDP, and SNMP Protocol packing support created by the attacker. DDOS and Flooding – HTTP, DNS, SYN Self-implementation of Slowlaris.

DDOS 144

DDOS DNS Malware Internet 144