Cryptomining is a growing but an unstable sector. According to Statista, it generated $5 billion in revenue between 2010 and 2019.

The Blue Mockingbird Monero cryptomining payloads

The science of cryptomining is costly and computing resource-intensive, making it unattractive to many folks. But malicious actors have found a shortcut to making cryptomining money without having to buy powerful computers. They illegally deploy cryptomining payloads on the computers of unsuspecting users to take advantage of the free processing power. That is the same reason hackers are delivering Monero cryptominers on Windows PCs. In the incidents that Red Canary reported, the hackers launched multi-level attacks from numerous fronts to deliver the miners on Windows systems. The bad actors would start by breaching web-facing applications. It appears they were taking advantage of Telerik UI vulnerabilities in ASP.NET apps. After breached a targeted system, they would persistently launch multiple attacks using different techniques to deliver their malware. Such actors have used proxying software for this purpose before. Also, they have worked with multiple types of reverse shell payloads to breach external systems. According to Red Canary, the Telerik UI exploit in question, CVE-2019-18935, has been around for some time. That also means it is not going away anytime soon. Therefore, you may want to patch your Windows systems right away before you are targeted for the next Monero cryptomining attack. That is very imperative especially if your organization uses any web-facing applications. Alternatively, install a cryptomining blocker on your Windows 10 PC. We’re on call to respond to any questions or suggestions. Feel free to share yours by writing us a message in the comments section below.

SPONSORED Name * Email * Commenting as . Not you? Save information for future comments
Comment

Δ