Worm-Cryptominer Combo Lets You Game While Using NSA Exploits to Move Laterally
#1
https://labs.bitdefender.com/2019/08/wor...laterally/
Quote: ANTI-MALWARE RESEARCH WHITEPAPERS
Worm-Cryptominer Combo Lets You Game While Using NSA Exploits to Move Laterally
August 20, 2019 · 2 Min Read

Bitdefender researchers recently found and analyzed a worm-cryptominer combo that uses a series of exploits to move laterally and compromise victims. What makes it interesting is that it pauses the resource-intensive cryptomining process if it finds popular games running on the victim’s machine. The investigation revealed that the worm-cryptominer has been constantly updated by its developers. Some of its modules were updated to make it difficult for security researchers to analyze it, as well as to improve lateral movement and other capabilities.

Dubbed Beapy/PCASTLE by previous security researchers, Bitdefender takes a deeper dive into the behavior of the worm-cryptominer combo, offering a detailed changelog into how its modules and components have been updated over time. The Bitdefender investigation reveals how the worm and malware components have been used in conjunction to spread and mine cryptocurrency.

A new attack vector, not previously associated with delivering cryptocurrency miners or covered in past research, was also revealed during the investigation. A supply chain attack broke out against users of DriveTheLife, a potentially unwanted application (PUA), and against users of other similar apps that seem to run on the same infrastructure. It was found that a component of DriveTheLife that normally downloads and executes files from a legitimate domain, was apparently being manipulated and used to download a malicious payload on the victim’s machine from a domain operated by attackers.

Key findings:

  • Delivered via supply chain attack on PUA application
  • Moves laterally using advanced tools and unpatched vulnerabilities
  • Stays stealthy by pausing crypto mining if performance-intensive tasks, such as popular games, are running
  • Features both CPU and GPU mining components
  • Full timeline and changelog on how modules were updated
  • Private RSA key used for signing C&C communication publicly available
  • First detailed analysis on how both Beapy and PCASTLE work together
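The "pause mining while a game runs" behaviour described in the post is itself a detectable signal: a process that burns CPU continuously except during exactly the intervals when a game process is present is behaving unlike any legitimate workload. The following is an added example, written for this thread and not code from Bitdefender or from the whitepaper, of a defender-side heuristic over process telemetry. The game process names, the CPU thresholds and the telemetry samples are all constructed for illustration and are not taken from the research.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean
from typing import Dict, Iterable, List, Set

# Assumed (illustrative) set of game executables a host-agent might watch for.
GAME_PROCESSES: Set[str] = {"csgo.exe", "dota2.exe", "gta5.exe"}


@dataclass(frozen=True)
class Sample:
    """One per-process CPU reading from a periodic host telemetry sweep."""
    t: int        # sweep index (e.g. one sweep every 30 s)
    name: str     # process image name
    cpu: float    # CPU percent consumed by the process during the sweep


# Constructed telemetry: "updsvc.exe" (a made-up name) runs near 100% CPU, but
# drops to ~1% precisely while csgo.exe is running (sweeps 4..7). "backup.exe"
# is a legitimate heavy job that ignores the game; "chrome.exe" is background load.
TELEMETRY: List[Sample] = (
    [Sample(t, "updsvc.exe", 95.0) for t in range(0, 4)]
    + [Sample(t, "updsvc.exe", 1.0) for t in range(4, 8)]
    + [Sample(t, "updsvc.exe", 94.0) for t in range(8, 10)]
    + [Sample(t, "backup.exe", 85.0) for t in range(0, 10)]
    + [Sample(t, "chrome.exe", 20.0) for t in range(0, 10)]
    + [Sample(t, "csgo.exe", 60.0) for t in range(4, 8)]
)


def _game_sweeps(samples: Iterable[Sample], game_names: Set[str]) -> Set[int]:
    """Return the sweep indices during which at least one game process was seen."""
    return {s.t for s in samples if s.name.lower() in game_names}


def find_mining_candidates(
    samples: List[Sample],
    game_names: Set[str] = GAME_PROCESSES,
    high: float = 60.0,
    low: float = 5.0,
) -> List[str]:
    """Flag processes whose mean CPU is >= `high` while no game runs and
    <= `low` while a game runs. Both conditions must be observed; a process
    that is simply idle, or simply busy, is never flagged."""
    gaming = _game_sweeps(samples, game_names)
    buckets: Dict[str, Dict[str, List[float]]] = defaultdict(
        lambda: {"idle": [], "gaming": []}
    )
    for s in samples:
        if s.name.lower() in game_names:
            continue  # the game itself is not a candidate
        key = "gaming" if s.t in gaming else "idle"
        buckets[s.name][key].append(s.cpu)

    flagged: List[str] = []
    for name, b in buckets.items():
        if not b["idle"] or not b["gaming"]:
            continue  # need observations in both states to compare
        if mean(b["idle"]) >= high and mean(b["gaming"]) <= low:
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    # Expected: ['updsvc.exe']; backup.exe stays busy during the game, so it is not flagged.
    print(find_mining_candidates(TELEMETRY))
```

The heuristic only fires when a process has been observed in both states, which avoids flagging a job that happens to finish just before a game starts; in a real deployment the thresholds and sweep interval would be tuned against the host's normal workload, and the hit would be a trigger for triage (image path, signer, network peers) rather than a verdict on its own.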

