StaryDobry campaign targets gamers with XMRig miner.
(securelist.com)
from Cat@ponder.cat to cybersecurity@sh.itjust.works on 18 Feb 11:25
https://ponder.cat/post/1680014
from Cat@ponder.cat to cybersecurity@sh.itjust.works on 18 Feb 11:25
https://ponder.cat/post/1680014
On December 31, cybercriminals launched a mass infection campaign, aiming to exploit reduced vigilance and increased torrent traffic during the holiday season. Our telemetry detected the attack, which lasted for a month and affected individuals and businesses by distributing the XMRig cryptominer. This previously unidentified actor is targeting users worldwide—including in Russia, Brazil, Germany, Belarus and Kazakhstan—by spreading trojanized versions of popular games via torrent sites.
In this report, we analyze how the attacker evades detection and launches a sophisticated execution chain, employing a wide range of defense evasion techniques.
threaded - newest
StarýDobrý? @ChaoticNeutralCzech@lemmy.ml these were czech hackers
It is indeed a Czech phrase but definitely exists in other Slavic languages (for example Russian is старый добрый, usually transliterated as “staryy dobryy” or “staryj dobryj”). No group seems to have claimed responsibility; the article says
The name for the malware seems to have been chosen by Kaspersky and possibly taken from one of the strings in whatever “PDB” is. I’m guessing it’s geographically close to Russia but not inside, as Russian threat actors (including script kiddies) tend to take care to exclude Russian citizens.
You’re lucky I’m just logged in, my main account is @ChaoticNeutralCzech@feddit.org
Bruh
Yeah, otherwise their enemies include law enforcement and shit gets real
Ahhhhh clever