Sunday, April 11, 2021
  • Bitcoin
  • About
  • Trusted Links
  • Advertise
  • Careers
  • Donate
  • Contact
Hacking tools on all platforms
No Result
View All Result
  • The Hacker News
  • Tools9
  • Tutorial
  • Video
  • Blog
  • Donate Us
Hacking tools on all platforms
Home Blog
crypto miner hacker

MrbMiner Crypto-Mining Malware Links to Iranian Software Company

Nhan Nguyen by Nhan Nguyen
in Blog
Reading Time: 4min read
0
0
SHARES
51
VIEWS
Share on FacebookShare on Twitter

Related posts

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

02/25/2021
2.7k
Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

02/24/2021
2.5k
Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

02/24/2021
2.7k
Everything You Need to Know About Evolving Threat of Ransomware

Everything You Need to Know About Evolving Threat of Ransomware

02/24/2021
2.7k

MrbMiner Crypto-Mining Malware Links to Iranian Software Company

crypto miner malware

A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server (MSSQL) databases has now been linked to a small software development company based in Iran.

The attribution was made possible due to an operational security oversight, said researchers from cybersecurity firm Sophos, that led to the company’s name inadvertently making its way into the cryptominer code.

First documented by Chinese tech giant Tencent last September, MrbMiner was found to target internet-facing MSSQL servers with the goal of installing a cryptominer, which hijacks the processing power of the systems to mine Monero and funnel them into accounts controlled by the attackers.

The name “MrbMiner” comes after one of the domains used by the group to host their malicious mining software.

password auditor

“In many ways, MrbMiner’s operations appear typical of most cryptominer attacks we’ve seen targeting internet-facing servers,” said Gabor Szappanos, threat research director at SophosLabs.

“The difference here is that the attacker appears to have thrown caution to the wind when it comes to concealing their identity. Many of the records relating to the miner’s configuration, its domains and IP addresses, signpost to a single point of origin: a small software company based in Iran.”

MrbMiner sets about its task by carrying out brute-force attacks against the MSSQL server’s admin account with various combinations of weak passwords.

crypto miner malware

Upon gaining access, a Trojan called “assm.exe” is downloaded to establish persistence, add a backdoor account for future access (username: Default, password: @fg125kjnhn987), and retrieve the Monero (XMR) cryptocurrency miner payload that’s run on the targeted server.

Now according to Sophos, these payloads — called by various names such as sys.dll, agentx.dll, and hostx.dll, were deliberately-misnamed ZIP files, each of which contained the miner binary and a configuration file, among others.

Cryptojacking attacks are typically harder to attribute given their anonymous nature, but with MrbMiner, it appears that the attackers made the mistake of hardcoding the payload location and the command-and-control (C2) address into the downloader.

One of the domains in question, “vihansoft[.]ir,” was not only registered to the Iranian software development company but the compiled miner binary included in the payload left telltale signs that connected the malware to a now-shuttered GitHub account that was used to host it.

While database servers, owing to their powerful processing capabilities, are a lucrative target for cybercriminals looking to distribute cryptocurrency miners, the development adds to growing concerns that heavily-sanctioned countries like North Korea and Iran are using cryptocurrency as a means to evade penalties designed to isolate them and to facilitate illicit activities.

“Cryptojacking is a silent and invisible threat that is easy to implement and very difficult to detect,” Szappanos said. “Further, once a system has been compromised it presents an open door for other threats, such as ransomware.”

“It is therefore important to stop cryptojacking in its tracks. Look out for signs such as a reduction in computer speed and performance, increased electricity use, devices overheating and increased demands on the CPU.”

Hacking Tools by Novero Lotus with hashtags #MrbMiner #CryptoMining #Malware #Links #Iranian #Software #Company

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securityNetwork Securityransomware malwaresoftware vulnerabilitythe hacker news
ShareTweet

Related Posts

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack
Blog

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

by Nhan Nguyen
02/25/2021
2.7k
Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique
Blog

Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

by Nhan Nguyen
02/24/2021
2.5k
Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks
Blog

Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

by Nhan Nguyen
02/24/2021
2.7k
Everything You Need to Know About Evolving Threat of Ransomware
Blog

Everything You Need to Know About Evolving Threat of Ransomware

by Nhan Nguyen
02/24/2021
2.7k
Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
Blog

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now

by Nhan Nguyen
02/24/2021
1.6k
Experts Find a Way to Learn What You’re Typing During Video Calls
Blog

Experts Find a Way to Learn What You’re Typing During Video Calls

by Nhan Nguyen
02/23/2021
1.5k
Load More
Next Post
password stealer

Hackers Accidentally Expose Passwords Stolen From Businesses On the Internet

0 0 vote
Article Rating
Subscribe
Connect with
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
Notify of
guest
Connect with
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
guest
0 Comments
Inline Feedbacks
View all comments

New Posts Updated

Intro YouTube Nhan Nguyen Channel

Intro YouTube Nhan Nguyen Channel

1 month ago
8.8k
Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

2 months ago
2.7k
Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

2 months ago
2.5k
Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

2 months ago
2.7k
Everything You Need to Know About Evolving Threat of Ransomware

Everything You Need to Know About Evolving Threat of Ransomware

2 months ago
2.7k

BROWSE BY CATEGORIES

  • Blog
  • Dark Web
  • Downloads
  • Envato Free
  • Hacking Tools
  • Plugins
  • Social Network
  • Themes & Templates
  • Tools Free
  • Tools Free
  • Tutorial
  • Video

BROWSE BY TOPICS

AI Buidl computer security Counterfeited Money Credit Cards cyber attacks cyber news cyber security news cyber security news today cyber security updates cyber updates Dark Web data breach Deep Web Digital Virtual Hacker hacker news Hackers Hacking hacking news Hacking Tools how to hack information security Learn Python Linux Network Security PayPal Accounts Python Python Basic ransomware malware software vulnerability the hacker news Theme Blog / Magazine Theme Corporate Theme Creative Theme eCommerce Theme Free Theme Null Theme Real Estate Theme Wordpress Tool Tools Tor Tor Project’s Windows

Ads




POPULAR NEWS

  • Intro YouTube Nhan Nguyen Channel

    Intro YouTube Nhan Nguyen Channel

    0 shares
    Share 0 Tweet 0
  • Trusted Links on Dark Web update 2021

    3826 shares
    Share 0 Tweet 0
  • Hack Facebook Password 2021 100% Success in 2 minutes

    5712 shares
    Share 0 Tweet 0
  • Dark Web Scam Vendors & Markets List

    6714 shares
    Share 0 Tweet 0
  • Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

    0 shares
    Share 0 Tweet 0
  • Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

    0 shares
    Share 0 Tweet 0
  • Everything You Need to Know About Evolving Threat of Ransomware

    0 shares
    Share 0 Tweet 0
  • Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

    0 shares
    Share 0 Tweet 0
  • The truth about the dark web fraud trade

    37 shares
    Share 0 Tweet 0
  • VmWare Tutorials

    53 shares
    Share 0 Tweet 0
  • Bitcoin
  • About
  • Trusted Links
  • Advertise
  • Careers
  • Donate
  • Contact

TM + © 2013 - 2021 Hacking Tools Online Platforms .

No Result
View All Result
  • The Hacker News
  • Bitcoin
  • Tools
    • Hacking Tools
    • Ecommerce
    • Social Network
    • Tools Free
  • Downloads
    • Software
    • Tools Free
    • Mobile Apps
    • Scripts
    • Envato Free
    • Plugins
    • Themes & Templates
    • Free Online Courses
  • Tutorial
  • Video
  • Dark Web
  • Blog
  • Donate Us
  • Contact Us

TM + © 2013 - 2021 Hacking Tools Online Platforms .

0
0
Would love your thoughts, please comment.x
()
x
| Reply