
Showing posts with the label CryptoCurrency

One-of-a-Kind Attack: Malicious USB Drives Infect Around 35,000 PCs With a Crypto-Mining Botnet

Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly using to mine Monero cryptocurrency. The botnet, named "VictoryGate," has been active since May 2019, with infections mainly reported in Latin America; Peru alone accounts for 90% of the compromised devices. "The main activity of the botnet is mining Monero cryptocurrency," ESET said. "The victims include organizations in both public and private sectors, including financial institutions." ESET said it worked with dynamic DNS provider No-IP to take down the malicious command-and-control (C2) servers and set up fake domains (sinkholes) to monitor the botnet's activity. The sinkhole data shows that between 2,000 and 3,500 infected computers connected to the C2 servers on a daily basis during February and March this year. According to ESET researcher...

Dexphot Polymorphic Malware Attacks Windows Computers to Mine Cryptocurrency and Runs Monitoring Services

A new malware strain dubbed Dexphot attacks Windows computers to mine cryptocurrency, using monitoring services and scheduled tasks to rerun the infection if Windows Defender removes it. The malware uses fileless techniques to get its malicious code executed directly in memory, and it hijacks legitimate processes to hide the malicious activity. Microsoft has closely tracked the threat since 2018; the threat actors continuously improve the malware, targeting new processes and defense mechanisms.

Malicious Behaviour

[Figure: Dexphot Behaviour & Infection Chain]

The malware employs multiple levels of polymorphism across the binaries it distributes, together with fileless techniques, to evade behavior-based detection. The malware abuses the following legitimate processes:

msiexec.exe – Microsoft process to install, modify, and perform operations on Windows Installer
unzip.exe – Extraction utility
rundll32.exe – Used to run DLL files
schtasks.exe – To create scheduled ...