Tag Archive for: Modified

Cryptomining Campaign Unleashes Modified Mirai Botnet


Cryptocurrency Fraud, Endpoint Security, Fraud Management & Cybercrime

Latest Campaign Injects Song Lyrics and Other ‘Immature’ Elements Into Its Code

A quirky Mirai botnet variant is dropping cryptomining malware. (Image: Shutterstock)

A new cryptomining campaign uses a quirkily customized Mirai botnet to spread cryptomining malware designed to hide the digital wallet that collects the ill-gotten gains.


Security researchers at Akamai dubbed the Mirai variation NoaBot and said that it uses a unique SSH scanner but also exhibits an unexpected touch of immaturity.

Mirai is a wormable botnet infamous for targeting Linux-based IoT devices. Numerous versions of Mirai are in the wild thanks to an anonymous coder who leaked source code online before its three original authors pleaded guilty in 2017.

Akamai researchers first spotted NoaBot in early 2023. They also identified a link between NoaBot and the P2PInfect worm, discovered in July 2023 by Unit 42.

Unlike the original Mirai, NoaBot spreads malware through the Secure Shell (SSH) protocol, not Telnet. The SSH scanner “seems to be custom made, and quite peculiar,” Akamai wrote. Once it establishes a connection, it sends the string “hi.” It makes sense for an infected system to establish a connection and quickly terminate it. “Hi” is not a valid SSH packet, so Wireshark marks it as malformed.

“Why does it bother sending ‘hi,’ though? That’s a mystery,” Akamai…


Trend Micro antivirus modified Windows registry by mistake — How to fix



Trend Micro antivirus has fixed a false positive affecting its Apex One endpoint security solution that caused Microsoft Edge updates to be tagged as malware and the Windows registry to be incorrectly modified.

According to hundreds of customer reports that started streaming in earlier this week on the company’s forum and on social networks, the false positive affected update packages stored in the Microsoft Edge installation folder.

As users further revealed, Trend Micro Apex One flagged the browser updates as Virus/Malware: TROJ_FRS.VSNTE222 and Virus/Malware: TSC_GENCLEAN.

Fix and workaround available

The cybersecurity software maker addressed the issue and published an advisory urging customers to update their products and ensure that the Smart Scan Agent Pattern and Smart Scan Pattern are updated to the latest version.

“Trend Micro is aware of a detection issue that was reported earlier today regarding a potential false positive with Microsoft Edge and a Trend Micro Smart Scan pattern,” the company said.

“The pattern has been updated to remove the detection in question and we are doing an investigation on the root cause of the issue. More information can be provided after the investigation is complete.

“Please confirm that both the Smart Scan Agent Pattern is 17.541.00 or later AND Smart Scan Pattern is 21474.139.09 or later which resolves the issue.”

Trend Micro also shared a temporary workaround for cases where the pattern update didn’t fix the issue; it requires adding multiple Microsoft Edge folders to Apex One’s exclusion list.

Restoring registry changes

While the fix provided by Trend Micro for the false positive can easily be applied by updating Apex One, some customers also reported that this issue led to Windows registry entries being altered after the agent’s Damage Cleanup tool was executed.

“It was reported that some customers observed some registry changes as a result of the detection depending on their endpoint cleaning configuration settings,” Trend Micro added.

Windows Registry changes seen by Trend Micro customer

This requires affected users to restore backups made by the Apex One agent through a procedure that will help revert the changes made…


Modified iPhone Lightning cable lets hackers remotely hijack a Mac

The cable contains an implant that allows the hack to take place. It performs the same functions as expected, but once it’s connected to a Mac, hackers can access the computer via a Wi-Fi hotspot it …

Modified Mirai botnet could infect five million routers – SearchSecurity – TechTarget

Researchers found a modified version of the Mirai botnet code that is attacking routers around the world and may lead to massive DDoS attacks.
