The techniques used by these malwares are usually focused on reaching execution, avoiding detection to run under the radar and gaining persistence to survive any reboot.Ī new miner sample showed up in April on AT&T Alien Labs radar, with a wide range of different loaders aiming to execute it in infected systems up to this day. Despite the current rough patch in the world of cryptocurrencies, these miners are still present and will be in the foreseeable future.Īs seen in the current analysis, unlike IoT malwares, which also attempt to reach the biggest number of infected devices as possible, these miners target victims through phishing samples. The wide variety of loaders in conjunction with the staged delivery of the miner and backdoor malwares, shows how determined the attackers are to successfully deliver their payloads.Ĭrypto miners have been present in the threat landscape for some years, since an attacker identified the opportunity of leveraging victim’s CPUs to mine cryptocurrencies for them.Reviewing them assists in reminding defenders the current trends and how to improve their defenses. The techniques observed in these samples are known but still effective to keep infecting victims with their miners.Attackers have been sending malicious attachments, with a special emphasis on Mexican institutions and citizens.
Proof of this is one of the latest samples identified with AT&T Alien Labs, with at least 100 different loaders and at least 4 different stages to ensure their miner and backdoor run smoothly in the infected systems. Crypto miners are determined in their objective of mining in other people's resources.
0 kommentar(er)
