Altcoin News: Hackers Have Infected 50,000 Servers Worldwide with Hidden Mining Malware

June 4, 2019, by Marko Vidrih on ALTCOIN MAGAZINE

According to Guardicore Labs, a cybersecurity company, attackers have compromised more than 50,000 servers worldwide and infected them with malware that covertly mines cryptocurrency.

Guardicore Labs reported that the large-scale malware distribution effort, dubbed the “Nansh0u campaign,” has been going on since February. More than 700 new devices per day are being targeted, and the attacks are mainly aimed at companies in the health care, telecommunications, media, and IT sectors.

Guardicore discovered 20 different malicious programs in the campaign and noted that the list is updated “at least once a week”. The malicious package also includes a rootkit that prevents the program from being removed. Guardicore said it had contacted the hosting provider of the servers from which the attack was launched, as well as the issuer of the rootkit certificate.

“As a result, the attack servers were taken down and the certificate was revoked,” the company reported.

The company said that the attack used sophisticated tools, such as those used by government agencies, which indicates that elite “digital weapons” are becoming increasingly available to cybercriminals. According to the company, the program was written using Chinese-language tools and is hosted on Chinese servers. Guardicore notes:

“The Nansh0u campaign is not a typical crypto-miner attack. It uses techniques often seen in APTs [advanced persistent threats] such as fake certificates and privilege escalation exploits. While advanced attack tools have normally been the property of highly skilled adversaries, this campaign shows that these tools can now easily fall into the hands of less than top-notch attackers.”

According to the company, this situation once again shows how important it is to protect credentials well.

“This campaign demonstrates once again that common passwords still comprise the weakest link in today’s attack flows. Seeing tens of thousands of servers compromised by a simple brute-force attack, we highly recommend that organizations protect their assets with strong credentials as well as network segmentation solutions,” the report says.

Attacks carried out for hidden mining are becoming more common. Last month it was reported that cybercriminals mined XMR by exploiting vulnerabilities in older versions of Atlassian Confluence. In addition, it was previously reported that the Shellbot cryptocurrency-mining malware had, following an update, gained the ability to disable other miners running on the infected computer.

Author: Marko Vidrih