Researchers Say 50,000 Servers Worldwide Infected With Privacy Coin Cryptojacking Malware

Published by Cointele

As many as 50,000 servers worldwide have allegedly been infected with an advanced cryptojacking malware that mines the privacy-focused open source cryptocurrency turtlecoin.

As reported, cryptojacking is an industry term for stealth crypto mining attacks which work by installing malware that uses a computer's processing power to mine for cryptocurrencies without the owner's consent or knowledge.

Having first detected the campaign in April and traced its origins and progress, Guardicore Labs believes the malware has infected up to 50,000 Windows MS-SQL and phpMyAdmin servers worldwide over the past four months.

Between April 13 and May 13, the number of infected servers reportedly doubled to hit 47,985.

Guardicore Labs notes that the malware campaign is not a typical crypto-miner attack, as it relies on techniques commonly seen among advanced persistent threat groups, including fake certificates and privilege escalation exploits.

The researchers have nicknamed the campaign "Nansh0u," after a text file string ostensibly used in the attacker's servers.

It is believed to have been devised by sinophone threat actors, as the tools in the malware were reportedly written in the Chinese-based programming language EPL. Moreover, a number of log files and binaries on the servers reportedly included Chinese strings.

"Breached machines include over 50,000 servers belonging to companies in the healthcare, telecommunications, media and IT sectors. Once compromised, the targeted servers were infected with malicious payloads. These, in turn, dropped a crypto-miner and installed a sophisticated kernel-mode rootkit to prevent the malware from being terminated."

The exact profitability of the cryptojacking is more difficult to ascertain, the report notes, as funds mined are in the privacy coin turtlecoin.

The privacy-centric coin monero has historically been particularly prevalent in cryptojacking campaigns, with researchers reporting in mid-2018 that around 5% of the currency in circulation had been mined through malware.
