Blog keyword search

XMRig used in new macOS cryptominer

A new piece of cryptocurrency-mining malware on macOS has been found to use the popular XMRig miner.
Users complaining on Apple's official discussion forum about processes that use a lot of CPU have led to the discovery of a new piece of cryptocurrency-mining malware on macOS… https://www.virusbulletin.com/blog/2018/05/xmrig-used-new-macos-cryptominer/

$150k in cryptocurrency stolen through combined BGP-DNS hijack

A BGP hijack was used to take over some of Amazon's DNS infrastructure, which was then used to serve a phishing site to users of the MyEtherWallet service.
If the Internet is, as is often said, held together with elastic bands and pieces of Sellotape, BGP is essentially a bunch of post-it notes that serve as traffic signs. BGP… https://www.virusbulletin.com/blog/2018/04/150-k-cryptocurrency-stolen-through-cominbed-bgp-dns-hijack/

There are lessons to be learned from government websites serving cryptocurrency miners

Thousands of websites, including many sites of government organisations in the UK, the US and Sweden, were recently found to have been serving a cryptocurrency miner. More interesting than the incident itself, though, are the lessons that can be learned f…
This was awkward. On Sunday, the Information Commissioner's Office (ICO), the UK's data protection regulator and thus the public body that issues fines for data breaches, was… https://www.virusbulletin.com/blog/2018/02/there-are-lessons-be-learned-government-websites-serving-cryptocurrency-miners/

Throwback Thursday: Malware taking a bit(coin) more than we bargained for

This Throwback Thursday, we republish the VB2012 paper by Microsoft researcher Amir Fouda, one of the earliest papers to look at malware targeting Bitcoin.
In late spring of 2011, a sudden rise in the price of Bitcoin – reaching almost US$30, up from less than $1 barely a month earlier – attracted the attention of malware authors.… https://www.virusbulletin.com/blog/2018/02/throwback-thursday-malware-taking-bitcoin-more-we-bargained/

Necurs pump-and-dump spam campaign pushes obscure cryptocurrency

A Necurs pump-and-dump spam campaign pushing the lesser known Swisscoin botnet is mostly background noise for the Internet.
Cryptocurrencies have attracted the attention of cybercriminals for many years: as a relatively anonymous payment channel, as a target of their digital theft, and as a way to turn… https://www.virusbulletin.com/blog/2018/01/necurs-pump-and-dump-spam-campaign-pushes-obscure-cryptocurrency/

Despite the profitability of ransomware there is a good reason why mining malware is thriving

Though ransomware is far more profitable than using a compromised PC to mine bitcoins, the global distribution of malware means that there are many botnets for which mining is the most efficient way to extract money out of a PC.
When, a few years ago, a friend and I were analysing a rather large botnet and we saw some network traffic indicating that it was engaged in Bitcoin mining, we felt rather… https://www.virusbulletin.com/blog/2017/09/despite-profitability-ransomware-there-good-reason-why-mining-malware-thriving/

VB2014 Paper: Well, that escalated quickly. From penny-stealing malware to multi-million-dollar heists, a quick overview of the Bitcoin bonanza in the digital era

Santiago Pontiroli takes us on a rollercoaster ride through cryptocurrency land.
Santiago Pontiroli takes us on a rollercoaster ride through cryptocurrency land.Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of… https://www.virusbulletin.com/blog/2014/11/paper-well-escalated-quickly-penny-stealing-malware-multi-million-dollar-heists-quick-overview-bitcoin-bonanza-digital-era/

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.