The Sysrv botnet has been developing over the last few years and has become a multi-platform botnet that specializes in Monero cryptomining.
Research has uncovered 30 compromised images in 10 different Docker Hub accounts, representing over 20 million pulls.
A web miner injected into compromised sites is just the tip of the iceberg for an infrastructure hosting malicious Windows and Linux coin miners.
We take a look at a prolific campaign that is focused on the distribution of coin miners via drive-by download attacks. We started to notice larger-than-usual payloads from the RIG exploit kit around November 2017, a trend that has continued more recently via a campaign dubbed Ngay.
Why do threat actors prefer mining Monero rather than the far more prominent Bitcoin? Let us point out the reasons.
If you think closing your browser window to leave a site that runs a cryptominer will stop the mining process, think again. Persistent drive-by cryptomining has arrived.
As drive-by downloads slow down, drive-by cryptocurrency mining emerges as the latest annoyance that hijacks our PCs' CPUs.
A strange variant or copycat of Sundown EK drops an unexpected payload that we decided to look deeper into.