A recent report by Avast researchers identified an old-timer malware called GuptiMiner. It uses the eScan antivirus update mechanism to stealthily inject backdoors and cryptocurrency mining programs into users’ computer systems and large corporate networks. This is further evidence that cybercriminals are adapting their techniques to bypass modern security measures. Let’s look at the situation.… Continue reading GuptiMiner Use eScan to Spread Miners and Backdoors
Tag: Coin Miner
OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes
Microsoft security blog reports that the OpenMetadata platform has critical vulnerabilities that allow attackers to exploit Kubernetes workloads for crypto mining. Five vulnerabilities allow attackers to bypass authentication and execute Remote Code Execution. Microsoft recommends updating to OpenMetadata and employing robust authentication measures. OpenMetadata Vulnerabilities Threats Kubernetes Workloads, Actively Exploited According to the recent Microsoft… Continue reading OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes
Hellminer.exe Coin Miner
Hellminer.exe is a process you can see in the Task Manager that indicates a malicious software activity. It stands out by the high CPU load it creates, making the system much less responsive. Let’s figure out what this process is, and how to get rid of it.
Bitfiat Process High CPU – Explained & Removal Guide
Bitfiat is a malicious coin miner that exploits your computer’s hardware to mine cryptocurrencies. Such malware takes as much resources as it can, making the system impossible to use. Let’s see what this malware is, and how to remove it. Bitfiat Overview The Bitfiat process is related to the activity of a malicious coin miner.… Continue reading Bitfiat Process High CPU – Explained & Removal Guide
WinRing0x64.sys Process – What is It? Can I Delete?
WinRing0x64.sys is a low-level driver that is used by specific applications. The file is not malicious, though, but malware can abuse this driver. Next, we will find out who uses WinRing0x64.sys and why and answer the question of whether it can be removed. WinRing0x64 Overview WinRing0x64.sys is a crucial software component that allows applications to… Continue reading WinRing0x64.sys Process – What is It? Can I Delete?
Aluc Service: What Is Aluc App & How to Remove?
Aluc Service is a strange service you can spectate in the Task Manager. It is, in fact, a malware-related process that hides behind a legitimately-looking name. Most commonly, such a trick is done by coin miner malware and rootkits. What is Aluc Service? At a glance, Aluc Service may look like a legit service among… Continue reading Aluc Service: What Is Aluc App & How to Remove?
KmsdBot malware combines DDoS-attacks and coin mining
A new malware, called KmsdBot, strikes user devices. The Akamai SIRT has discovered a new malware that uses the SSH (Secure Shell) protocol to infiltrate target systems in order to mine cryptocurrency and carry out DDoS attacks. It spreads disguised as a bot for popular games, in particular, GTA V. The combined threat raises malware… Continue reading KmsdBot malware combines DDoS-attacks and coin mining
Extension spoofing strikes Spanish-speaking countries
An old-good form of malware disguisment sparked recently in several Spanish-speaking countries across the globe. Users note numerous cases of email attachments with spoofed file extensions, that appear to be coin miner trojans. Massive outbreak of extension spoofing in email spam Email spam is a form of malware spreading that became very popular at the… Continue reading Extension spoofing strikes Spanish-speaking countries
Clipminer – a Million Dollar Clipboard Hijacking Coinminer
Clipminer Malware A bizarrely efficient botnet cryptocurrency miner has been revealed by Symantec security experts. Besides its classic mining function, it has a feature of clipboard hijacking, thence comes the name of this malware – “Clipminer.” That feature alone has brought its developers approximately $1.7M. Let’s begin with the insertion. The Trojan-carried WinRAR archive originates… Continue reading Clipminer – a Million Dollar Clipboard Hijacking Coinminer
A WSO2 Vulnerability is Fraught with Remote Code Execution
The products by WSO2, an open-source API, applications, and web services provider, have been attacked in the wild through the CVE-2022-29464 vulnerability detected back in April 2022. This vulnerability allows attackers to execute malicious code remotely via unhindered file uploading. The scheme of the attack begins with web shell installation through *.jsp or *.war files… Continue reading A WSO2 Vulnerability is Fraught with Remote Code Execution