Lemon Duck Cryptominer Spreads through Covid-19 Themed Emails

Malware authors continue to take advantage of the coronavirus pandemic to propagate threats. In a recent related campaign, we have come across a PowerShell script (mailer script) that distributes the Lemon Duck cryptominer through a new propagation method: Covid-19-themed emails with weaponized Read More …

Coinminer, DDoS Bot Attack Docker Daemon Ports

Researchers found an open directory containing malicious files, which was first reported in a series of Twitter posts by MalwareHunterTeam. Analyzing some of the files, we found a malicious cryptocurrency miner and Distributed Denial of Service (DDoS) bot that targets open Docker daemon Read More …

Postmortem of a Compromised MikroTik Router

Cryptocurrency coinminers are the new ransomware and malicious actors have already pounced on the opportunity to make their fortune. Symantec has been tracking a large-scale coin-mining campaign which, as per Shodan, has currently infected about 157,000 MikroTik routers. Researchers discovered this coin-mining Read More …

Cryptocurrency Miner Distributed via PHP Weathermap Vulnerability, Targets Linux Servers

Legitimate and large-scale cryptocurrency mining operations often invest in dedicated hardware and electric consumption to make a profit. This doesn’t escape the attention of cybercriminals: Malicious cryptocurrency mining was so pervasive last year that it was the most detected network event in devices connected to home Read More …

Unicode Technique Used to Deliver Cryptomining Malware Through Telegram

Attackers are using the time-tested right-to-left override technique to deliver cryptomining malware through the popular Telegram messaging application, say researchers. The right-to-left (RLO) technique uses Unicode to hide malicious file names and trick users into executing what appear to be Read More …