Trend Micro: BlackSquid Malware Infects Servers to Install Monero Cryptojacking Software

Published at: June 4, 2019

Cybersecurity firm Trend Micro announced that it has found a malware strain, dubbed BlackSquid, that infects web servers using eight different exploits and installs cryptocurrency mining software. The findings were published in a blog post on June 3.

Per the report, the malware targets web servers, network drives and removable drives using eight different exploits as well as brute-force attacks. More precisely, the software in question employs “EternalBlue; DoublePulsar; the exploits for CVE-2014-6287, CVE-2017-12615, and CVE-2017-8464; and three ThinkPHP exploits for multiple versions.” Of the three numbered CVEs, CVE-2014-6287 is a remote code execution flaw in Rejetto HttpFileServer (HFS), CVE-2017-12615 lets an attacker upload a JSP file to Apache Tomcat via an HTTP PUT request, and CVE-2017-8464 is the Windows LNK shortcut-file vulnerability used to spread via removable and network drives.
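Three of the exploits listed above arrive as HTTP requests, so a web server's access log is a reasonable place to look for BlackSquid-style probing. The following Python script is an added example, not code from Trend Micro or from the malware: it runs simple detection rules for the ThinkPHP `invokefunction` remote code execution requests, Tomcat JSP uploads via PUT (CVE-2017-12615) and the HFS null-byte macro injection (CVE-2014-6287) over constructed log lines in the common/combined log format. The request shapes are the commonly published ones for each exploit family, not signatures from the Trend Micro report, and the sample log, IP addresses and rule names are all made up for illustration. EternalBlue, DoublePulsar and the LNK exploit are not web requests and are out of scope here.

```python
"""Added example (not Trend Micro's or BlackSquid's code): flag web-server
log lines that look like the web-facing exploits BlackSquid is reported
to use. Log lines below are constructed; rule patterns are the commonly
published request shapes for each exploit family, assumed for illustration."""
import re
from urllib.parse import unquote

# Common/combined log format: client ip, identd, user, [timestamp], "METHOD path PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def is_thinkphp_rce(method, path):
    # ThinkPHP 5.x RCE routes a request to \think\app/invokefunction (or a
    # similar \think\ class) and passes a callable via function=...
    p = path.lower()
    return "invokefunction" in p or ("\\think\\" in p and "function=" in p)


def is_tomcat_put_jsp(method, path):
    # CVE-2017-12615: PUT of a .jsp, often with a trailing "/" or "%20"
    # (decoded to a space) to bypass the JSP servlet mapping.
    return method == "PUT" and re.search(r"\.jsp[/ ]?$", path, re.I) is not None


def is_hfs_cmd_injection(method, path):
    # CVE-2014-6287: a %00 in HFS's search parameter lets the rest of the
    # value be evaluated as a macro such as {.exec|cmd.}
    p = path.lower()
    return "search=" in p and ("\x00{." in p or "{.exec|" in p)


RULES = [
    ("thinkphp-rce", is_thinkphp_rce),
    ("cve-2017-12615-tomcat-put-jsp", is_tomcat_put_jsp),
    ("cve-2014-6287-hfs-cmd-injection", is_hfs_cmd_injection),
]


def scan(lines):
    """Return one hit dict per (line, rule) match; unparseable lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        method, path = m["method"], unquote(m["path"])  # decode %xx before matching
        for name, rule in RULES:
            if rule(method, path):
                hits.append({"ip": m["ip"], "rule": name, "path": path})
    return hits


# Constructed sample log: three exploit attempts followed by two benign requests.
SAMPLE_LOG = r"""
203.0.113.10 - - [03/Jun/2019:10:00:01 +0000] "GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 200 512
203.0.113.11 - - [03/Jun/2019:10:00:02 +0000] "PUT /shell.jsp/ HTTP/1.1" 201 0
203.0.113.12 - - [03/Jun/2019:10:00:03 +0000] "GET /?search=%00{.exec|cmd.exe%20/c%20whoami.} HTTP/1.1" 200 128
198.51.100.5 - - [03/Jun/2019:10:00:04 +0000] "GET /index.php?s=/Index/about HTTP/1.1" 200 4096
198.51.100.6 - - [03/Jun/2019:10:00:05 +0000] "PUT /uploads/report.pdf HTTP/1.1" 201 0
""".strip().splitlines()


def scan_sample():
    return scan(SAMPLE_LOG)


if __name__ == "__main__":
    for hit in scan_sample():
        print(f"{hit['ip']}  {hit['rule']}  {hit['path']}")
```

Run against a real access log, the script reports the client address, the rule that fired and the decoded request path; the decoding step matters because the HFS and Tomcat payloads hide behind `%00` and `%20`. A PUT of a `.jsp` that returns 201 should be treated as a successful upload and investigated, not just logged.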

While the sample acquired by Trend Micro installs XMRig, a CPU-based miner for monero (XMR), BlackSquid could also deliver other payloads in the future. According to Trend Micro's telemetry, most detections of the malware were in Thailand and the United States.

The malware can reportedly infect a system via three routes: a website hosted on an already infected server, the exploits listed above, and removable or network drives. BlackSquid also aborts its infection routine if the username, the device drivers or the disk drive model suggest that it is running in a sandbox or analysis environment.

As Cointelegraph recently reported, as many as 50,000 servers worldwide have allegedly been infected with an advanced cryptojacking malware that mines the privacy-focused open source cryptocurrency turtlecoin (TRTL).

At the beginning of May, Trend Micro also reported that cybercriminals were exploiting CVE-2019-3396, a known vulnerability in Confluence, the team collaboration software made by Atlassian, to deploy cryptocurrency miners.
