As many as 50,000 servers worldwide have allegedly been infected with advanced cryptojacking malware that mines the privacy-focused open-source cryptocurrency turtlecoin (TRTL). The news was revealed in an analysis by international hacker and cybersecurity expert group Guardicore Labs on May 29.
As reported, cryptojacking is an industry term for stealth crypto mining attacks which work by installing malware that uses a computer's processing power to mine for cryptocurrencies without the owner's consent or knowledge.
Having first detected the campaign in April and traced its origins and progress, Guardicore Labs believes the malware has infected up to 50,000 Windows MS-SQL and PHPMyAdmin servers worldwide over the past four months. The analysts dated the attacks back to late February, noting the campaign's precipitous expansion at a rate of over "seven hundred new victims per day."
Between April 13 and May 13, the number of infected servers reportedly doubled to hit 47,985.
Guardicore Labs notes that the malware campaign is not a typical crypto-miner attack, as it relies on techniques commonly seen in advanced persistent threat groups, including fake certificates and privilege escalation exploits.
The researchers have nicknamed the campaign "Nansh0u," after a text file string ostensibly used in the attacker's servers. It is believed to have been devised by sinophone threat actors, as the tools in the malware were reportedly written in the Chinese-based programming language EPL. Moreover, a number of log files and binaries on the servers reportedly included Chinese strings. As the analysis explains:
"Breached machines include over 50,000 servers belonging to companies in the healthcare, telecommunications, media and IT sectors. Once compromised, the targeted servers were infected with malicious payloads. These, in turn, dropped a crypto-miner and installed a sophisticated kernel-mode rootkit to prevent the malware from being terminated."
In terms of geographic spread, the majority of targeted victims were reportedly in China, the United States and India, although the campaign is thought to have diffused across as many as 90 countries. The exact profitability of the cryptojacking is more difficult to ascertain, the report notes, as funds mined are in the privacy coin turtlecoin.
In a warning to organizations, the researchers underscored that "this campaign demonstrates once again that common passwords still comprise the weakest link in today's attack flows."
The privacy-centric coin monero (XMR) has historically been particularly prevalent in cryptojacking campaigns, with researchers reporting in mid-2018 that around 5% of the currency in circulation had been mined through malware.
A potential switch for XMR to a new proof-of-work algorithm this October would ostensibly make it harder to conceal malicious mining attempts, as Cointelegraph recently reported.