To avoid detection and reduce traceability, the malware drops its cryptominers as memory-mapped files, without any disk presence.
It also kills the cryptominer processes if it detects any process monitoring.
Based on the malware’s activity and victim geolocation, admin panel language, and the threat actor’s Discord user’s activity, we believe the threat actor is Japanese.
Akamai MFA can mitigate the risk presented by SSH key harvesting.
In addition, configuring strong SSH passwords should stop the malware in its tracks since it uses a very basic list of default passwords to spread.
We have also published IOCs, queries, signatures, and scripts that can be used to test for infection.
Sign Up For Threat Alerts
Dec 01, 2022
UNC4191 Threat Group Targets Entities In The...
The UNC4191 threat group was discovered targeting entities in the Philippines with custom malware and...
Nov 30, 2022
Emotet Leads To Quantum Ransomware Infection
Threat actors were observed using Emotet to gain access to the victim's network and deploy...
Nov 29, 2022
RansomExx Upgrades to Rust
IBM Security X-Force Threat Researchers have discovered a new variant of the RansomExx ransomware that...
Nov 29, 2022
Ransomware Roundup: Cryptonite Ransomware
FortiGuard Labs has reported on Cryptonite ransomware, which was found to target Microsoft Windows machines...
Nov 28, 2022
Operation Typhoon: The Cyber Sea Lotus Coveting...
Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions...
Nov 27, 2022
IL-Cert Alert – Active phishing campaign in...
There is a new phishing campaign in Israel. The malware relies upon user execution. The...
Nov 27, 2022
Emotets Vacation Is Over: No Rest For...
Emotet started as a banking Trojan in spreading via spam campaigns by imitating financial statements,...
Nov 24, 2022
Aurora: A Rising Stealer Flying Under The...
Aurora is a multipurpose botnet with data collection, information stealer, downloading, and remote access Trojan...
Nov 23, 2022
Analysis Of The ViperSoftX And VenomSoftX Information...
Torrents and software-sharing sites are being used to target victims across the globe with variants...
Nov 22, 2022
Wipermania
Wipers have existed for years, and while they haven't been utilized as much as ransomware,...
Nov 21, 2022
LockBit 3.0 Ransomware Unlocked
Also known as LockBit Black, this ransomware family announced itself stating that it would now...
Nov 21, 2022
Control Panel Executable Abused For QakBot Infection
QakBot campaign modifies deployment tactics and aims to exploit a DLL hijacking technique that abuses...
Nov 20, 2022
Earth Preta Spear-Phishing Governments Worldwide
Trend Micro teams have been monitoring a wave of spear-phishing attacks targeting the government, academic,...
Nov 20, 2022
CISA Alert (AA22-321A) – Hive Ransomware Analysis
Threat actors are using Hive ransomware variants to target the government, communication, critical manufacturing, information...
Nov 16, 2022
DTrack activity targeting Europe and Latin America
DTrack is a backdoor used by the Lazarus group. It is used by the Lazarus...