Bitcoin: Hackers hijacking devices to ‘print’ thousands in cryptocurrencies


Cryptocurrencies are currently sky-high in value, and hackers are using increasingly ingenious ways to covertly harness the computers and electricity of unwitting people to generate digital coins worth thousands.

Morphus Labs Chief Research Officer Renato Marinho estimated that about 450 separate machines have been conscripted.

Mr Marinho analysed one of the servers and found that attackers gained control over it by exploiting a critical vulnerability in Oracle’s WebLogic software package.

The technology expert said: “The exploit is pretty simple to execute and comes with a Bash script to make it easy to scan for potential victims.

“In this case, the campaign objective is to mine cryptocurrencies, but, of course, the vulnerability and exploit can be used for other purposes.”

The campaigns documented by Morphus and security firm F5 follow the discovery in October of a surge of sites and malicious apps that covertly mine cryptocurrencies.

Those sites and apps targeted low-powered phones and consumer computers.

Targeting higher-powered servers, the newer campaigns have the potential to generate larger amounts of digital coins.

But given the number of unpatched servers and the huge increase in the value of cryptocurrencies, hacking is likely to increase.

Mr Marinho goes on to say that the currency being mined in the Oracle WebLogic exploit is known as Monero.

But on Monday the researcher said he had finally gained access to the attackers’ mining pool, which showed the currency was actually another one, called AEON.

A recently uncovered mass hack of servers mined about $6,000 (£4,442) worth of the AEON cryptocurrency in the past 23 days.

The exploit used on the machine Mr Marinho examined shut down WebLogic in an attempt to reduce the load put on the CPUs of the compromised machine.

Killing WebLogic makes it easy for victims to know when they have been compromised, but the machine examined by Mr Marinho could have been modified to allow WebLogic to continue to operate normally.

Many operators remain unaware their servers have been hacked, as the number of coins generated over the past 23 days suggests.

F5 found a slightly more elaborate campaign in December that had generated more than $8,500 (£6,262) in the cryptocurrency Monero.

This attack exploited servers running outdated versions of the DotNetNuke content management system and the Apache Struts 2 Web application framework.

The Apache vulnerability was the same flaw attackers used to hack Equifax and steal data for as many as 143 million US consumers.

It also used two exploits developed by the National Security Agency before they were stolen and published in April by a mysterious group known as the “Shadow Brokers”.

They are codenamed “EternalBlue” and “EternalSynergy”.
