Evmez warns companies and individual users by listing the most common cryptojacking viruses discovered recently, which have caused great damage to thousands of systems.
The CoinHive virus, the first name that comes up when cryptojacking is mentioned, is a mining script that generates attacks inside servers. CoinHive is remembered for an attack campaign targeting hundreds of thousands of internet service providers and large networks that mostly prefer MikroTik brand routers. In this large-scale attack, every webpage visited through the infected routers was infected with the CoinHive virus.
XMRig, another well-known cryptojacking application, continues to build its reputation as open-source and highly capable malicious software. XMRig is used more and more frequently to generate attack types that easily trick users, and it is also used to strengthen trojan horses. Because of the many attack possibilities it creates, this software is a Swiss army knife for malicious cryptominers.
In fact, CroniX, a type of XMRig software, draws more attention than its counterparts because it uses a recently emerged security vulnerability, causes serious damage, and operates with a high degree of secrecy. CroniX exploits the latest vulnerability in Apache Struts 2, a framework that helps with the development of web applications. Researchers note that the software is called CroniX because it assigns scheduled tasks, called cron jobs, on the server to resist defenses, and because it runs its commands as processes with fake names.
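A defensive check for the fake process names described above, as an added example that is not from the original article: on Linux it compares the name a process displays with the binary it actually runs. The sample records, paths and interpreter list are constructed assumptions to be tuned per environment.

```python
import os

# Assumption: interpreters run scripts, so their displayed name differs legitimately.
INTERPRETERS = {"python3", "python", "bash", "sh", "perl", "busybox"}

def check_process(exe, argv0):
    """Return reasons a process looks disguised (empty list if none).
    exe   -- target of /proc/<pid>/exe (the file actually executing)
    argv0 -- first field of /proc/<pid>/cmdline (what ps and top display)
    """
    reasons = []
    if exe.endswith(" (deleted)"):
        exe = exe[: -len(" (deleted)")]
        reasons.append("binary deleted from disk while running")
    exe_name = os.path.basename(exe)
    # Daemons often retitle themselves as "name: detail"; keep only the name.
    shown = os.path.basename(argv0.split(" ")[0].rstrip(":"))
    if argv0.startswith("[") and exe:
        # Real kernel threads appear as [name] and have no exe link at all.
        reasons.append("kernel-thread style name but has a userland binary")
    elif shown and exe_name and shown != exe_name and exe_name not in INTERPRETERS:
        reasons.append(f"displayed name {shown!r} != binary {exe_name!r}")
    return reasons

def live_processes():
    """Yield (pid, exe, argv0) from /proc; skips entries that cannot be read."""
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
            with open(f"/proc/{pid}/cmdline", "rb") as f:
                argv0 = f.read().split(b"\0")[0].decode(errors="replace")
        except OSError:
            continue  # kernel thread, exited process, or no permission
        yield int(pid), exe, argv0

def scan(procs):
    """Map pid -> reasons for every process that triggers a check."""
    return {pid: r for pid, exe, a0 in procs if (r := check_process(exe, a0))}

# Constructed sample records (pid, exe, argv0), not taken from a real incident.
SAMPLE = [
    (412, "/usr/sbin/sshd", "/usr/sbin/sshd"),
    (977, "/tmp/.cache/miner", "[kworker/0:1]"),
    (1203, "/var/tmp/upd (deleted)", "java"),
    (1500, "/usr/bin/python3", "/opt/app/run.py"),
]

if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE).items():
        print(pid, "; ".join(reasons))
```

Passing `live_processes()` to `scan` as root checks the running host; the output is a triage list that still needs review, since some legitimate programs rename themselves.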
This cryptocurrency worm, discovered by an independent researcher last summer and thought to have emerged in China, is called ZombieBoy. ZombieBoy targets corporate networks and attempts multiple attacks through multiple vulnerabilities. Using the weaknesses called DoublePulsar and EternalBlue, ZombieBoy can log on to systems without a password. ZombieBoy also installs persistence features on the systems it infects during these operations, which makes it difficult to notice.
Company devices, which malicious cryptocurrency miners regard as attractive data centers, are being targeted for takeover by PowerGhost, a fileless piece of malware. PowerGhost not only carries out stealthy attacks on its own, it can also increase the power of DDoS attacks.
The RedisWannaMine attack, discovered in early 2018, targets Redis, Windows Server, and Apache Solr servers that have not been patched with updates, and adds various software to them. Similar to the ZombieBoy attack, RedisWannaMine also takes advantage of the EternalBlue vulnerability and spreads by generating a series of chained attacks.
The Underminer exploit, which usually selects users in Asian countries as victims, is expanding its threat area with advanced cloaking techniques. Hidden Mellifera, which this exploit installs on systems, is known to have affected nearly half a million systems even before it started to be served with Underminer.
MassMiner, an advanced mining worm, brings together various exploits and hacking techniques to infiltrate the systems it targets. The Masscan scanning tool, which MassMiner uses to find the servers it will target, can scan the internet in less than six minutes. MassMiner sets up a command and control system that communicates between the cyber attackers and the system through a technique called Gh0st, which is a method for overcoming passwords.