This new campaign used the vulnerability in the Cacti plugin. For those who don’t know, Cacti is a PHP-based open-source tool for monitoring network, more specifically, in its “Network Weathermap” plugin. Using this plugin, servers visualize the network activity via a GUI.

Security experts from Trend Micro also found evidence that this attack is linked to the biggest cryptojacking in the history where hackers were able to earn around $3 million using a specialized Monero miner on Jenkins servers and by exploiting the CVE-2017-1000353 vulnerability. This time, the newer one used the CVE-2013-2618 vulnerability in the Cacti.

The flaw in Cacti allowed hackers to gain permission from the system to execute codes. Using the ability, they installed a modified version of XMRig – a legitimate software that’s used for mining Monero. In addition, they also included a bash script that worked as a watchdog for the mining process. If the miner program was down, it would restart it and if it was running, nothing to do. The checking process continued every 3 minutes.

This campaign earned the hackers 320 XMR ($75,000). All the infected servers were running Linux and major victims were situated in China, Taiwan, Japan and the USA.

What to do now

As long as the campaign is identified, it can be resolved very quickly. However, the hackers are already successful at their intentions. They earned a lot of cash, although less the largest one.

Such attacks demonstrate that our security measures are still not so tight after all. When it comes to updating the host system, system admins often forget or ignore them, as they may contain some complexity. That’s why hackers are able to keep on doing such hacking.

In order to stay protected, update all the software and the OS to the latest edition. It’s really important for fixing up all the known security holes. For every personal user, update all your programs to the latest version.

There are also other advanced cryptojacking campaigns, such as GhostMiner – an awesome malware with fortune on our side.

The post New Monero Miner Earned $75,000 using 5-years-old Exploit appeared first on Linux Windows and android Tutorials.

Kaspersky researchers spotted several fake antivirus & porn apps for Android that are malware infected. Those apps are used to mine Monero, launch DDoS attacks and also perform other malicious tasks. All of these actions caused the infected phones drain the battery a lot faster and eventually, bulge out of the cover.

Security researchers at Chinese IT security firm Qihoo 360 Netlab identified another malware. This wormable malware scans for wide-range of IP address for finding out any more vulnerable devices to infect them. The malware uses the infected devices to mine Monero. This one is named “ADB.Miner”.

The researchers told that “ADB.Miner” is the first of the kind of Android worm that uses the scanning code programmed in Mirai – the infamous IoT botnet malware. This malware caused major IoT companies offline last year by performing massive DDoS attacks against DynDNS.

How the malware works

ADB (Android Debug Bridge) is a command line toolkit for devs to debug Android code on the emulator and grants some of the most sensitive features of the operating system. Almost all the Android devices come up with ADB port disabled. So, how does the malware work?

“ADB.Miner” searches for Android devices – smartphones, smart TVs, TV set-top boxes – everything publicly accessible via the ADB debug interface. Those devices must be running over port 5555 to be infected. “ADB.Miner” installs a malware app that mines Monero cryptocurrency for its operator. That being said, the malware will only work on those devices that have been configured to enable port 5555 manually.

Additionally, the “ADB.Miner” tries to propagate itself into other devices from the newly infected devices.

Researchers aren’t completely sure how this malware is infecting Android devices. One thing for sure – this isn’t happening by exploiting any type of ADB flaw. The reason is, it’s infecting numerous devices from a wide variety of manufacturers.

The attack started on January 21, 2018, and has increased recently. Based on the IP addresses, the highest infected devices are from China (around 40%) and South Korea (around 31%), according to researcher’s estimation.

How to stay protected

In order to protect your Android device, be aware of using apps. Don’t install apps from any untrusted source. Be careful to install apps from Google Play Store at the same time. You can use a VPN or a firewall to block the port 5555. The best option is to get a good antivirus for your Android. Check out the top Android antivirus from AV-Test.

The post Cryptojacking from Android – Stay Secured appeared first on Linux Windows and android Tutorials.