StaryDobry campaign targets gamers with XMRig miner.
(securelist.com)
from Cat@ponder.cat to cybersecurity@infosec.pub on 18 Feb 11:20
https://ponder.cat/post/1680009
On December 31, cybercriminals launched a mass infection campaign, aiming to exploit reduced vigilance and increased torrent traffic during the holiday season. Our telemetry detected the attack, which lasted for a month and affected individuals and businesses by distributing the XMRig cryptominer. This previously unidentified actor is targeting users worldwide—including in Russia, Brazil, Germany, Belarus and Kazakhstan—by spreading trojanized versions of popular games via torrent sites.
In this report, we analyze how the attacker evades detection and launches a sophisticated execution chain, employing a wide range of defense evasion techniques.