Two More Campaigns Spreading Monero Cryptocurrency Miners

Delaware, USA – January 26, 2018 – The growing popularity of the Monero cryptocurrency for Darknet operations is driving new campaigns that distribute various cryptocurrency miners. Adversaries attack both corporate web servers and ordinary users. Browsers have started to introduce protection against JavaScript miners, so in recent weeks there has been an increase in the number of campaigns that install cryptocurrency miners directly on the attacked system. Researchers from Palo Alto Networks described a large-scale campaign that affected millions of users around the world. Attackers abused the Adfly service to download malicious files to users’ computers; when launched, these files downloaded and installed the XMRig utility.
Trend Micro reported on a campaign targeting web servers. Attackers attempt to exploit vulnerabilities in web applications by sending HTTP requests that contain scripting code. The campaign is still ongoing; attacks are performed against Windows and Linux systems with Apache Struts or DotNetNuke installed. If the necessary patches are not installed, a Monero cryptocurrency miner is downloaded and installed on the server.

Timely installation of updates will help protect against most attacks on your web servers. You can also use the Web Application Security Framework to uncover brute-force attacks and any suspicious events on your resources.