Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

A Botnet Campaign that Uses Blockchain Transactions to Stay Hidden

A recent cryptomining botnet campaign has been observed using Bitcoin blockchain transactions to hide its backup C2 IP addresses. It’s a very effective way of staying under the radar and defeating takedown attempts. Adoption of this technique can be troublesome and expected to become popular in the near future.

What has happened?

In December 2020, Akamai spotted a BTC wallet address being used in new variants of the cryptomining malware. The wallet data was used to distribute crypto-malware and establish persistence.

  • The attack starts with the exploitation of RCE vulnerabilities that exist in software such as Hadoop Yarn and Elasticsearch (tracked as CVE-2015-1427/CVE-2019-9082). 
  • In a few attacks, instead of directly hijacking the system, attackers used modified RCEs to create Redis server scanners that were used to find further Redis targets for cryptocurrency mining operations. 
  • In addition, a shell script is used to trigger an RCE on an exposed system and Skidmap malware is deployed. The initial script can terminate existing miners, disable security features, or modify SSH keys.

How much have they mined so far?

According to Akamai, over $30,000 in Monero has been mined by the operators to public pools over the past three years. These Monero transactions are anonymous and do not require specialized machines for mining.

Another innovative evasion attempt

The use of BTC transactions to evade detection is the second innovative attempt seen in recent times. 

  • A few days ago, another attacker was observed using an unusual DNS query via nslookup.exe to hide their actual malicious intent. 
  • It was using the certutil tool and obfuscated AutoIT script as multi-step obfuscation layers to protect its payload.

Conclusion

The usage of such innovative techniques to evade detection has serious implications on tracking, defending, and takedown attempts made by researchers, infrastructure operators, and law enforcement. Therefore, security agencies need to explore innovative ideas to take some lead in this cat-and-mouse game with attackers.

Source: https://cyware.com/news/a-botnet-campaign-that-uses-blockchain-transactions-to-stay-hidden-00b61000

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The law enforcement agency says it has been tracking large volumes of cryptocurrency stolen by North Korean hackers during a summer of high-profile cyber...

Cyber Security

Pyongyang’s growing reliance on cybercrimes to circumvent international sanctions should push the U.S. and its allies to fully enforce existing sanctions and review whether...

Cyber Security

The agency has been granted new and important roles under the Biden administration’s plan to safeguard U.S. digital networks. The Department of Justice announced...

Cyber Security

BTC.com, one of the world’s largest cryptocurrency mining pools, announced it was the victim of a cyberattack that resulted in the theft of approximately...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO