Minerva to Stop the Run of GhostMiner that is Solely Trying to Mine Monero


In 2018, cybercriminals are relying on malicious cryptocurrency miners delivered through advanced exploit kits to make money online. The WaterMiner case of late 2017 became well known, and companies responded by upgrading their detection capabilities. However, as observed in the past, the cybercriminals always remain a step ahead of the security vendors.

Recently, Minerva's research team detected a new malware called GhostMiner that ‘kills’ existing miners in order to become the sole miner of Monero (XMR) on an infected machine. In this way GhostMiner earned more XMR and deprived the other miners. The Minerva team dissected GhostMiner after it had blocked the mining malware at a customer site. According to the Minerva team, such malware uses advanced fileless techniques to mine cryptocurrencies, which makes mining malware increasingly difficult to identify. Nevertheless, Minerva Labs succeeded in protecting Monero miners by turning the tables on GhostMiner and using its own scripts to remove it.

How GhostMiner Affected Monero

  • Using Advanced Fileless Techniques

The core activity of the mining malware, GhostMiner, was carried out by a compiled malicious Windows executable. PowerShell evasion frameworks such as Invoke-ReflectivePEInjection and Out-CompressedDll allowed that executable to hide from detection agents: the fileless techniques masked GhostMiner's presence on disk. One PowerShell script, Neutrino.ps1, was responsible for infecting new victims, while another PowerShell script (WMI64.ps1 on x64 machines) was in charge of mining Monero (XMR).

The route taken by GhostMiner successfully bypassed many security detectors, and some of the analyzed payloads remained fully undetected. However, once the fileless wrapper was stripped away, the same security vendors did detect the malware. Minerva's Memory Injection Prevention stopped the malware from carrying out its fileless attack, so it did not spread and could no longer mine Monero (XMR) or any other cryptocurrency.

  • GhostMiner Targeting New Victims

Neutrino.ps1 sought out and attacked servers running MSSQL, phpMyAdmin, and Oracle's WebLogic. The attack focused mainly on WebLogic servers, probing randomly chosen IP addresses and opening multiple TCP connections. The core component of this attack communicated with its C2 server over HTTP, encoding both requests and answers in Base64. The indicators Minerva used to detect the malware show that GhostMiner crafted its malicious HTTP requests to blend in at companies with Chinese-speaking users. Not all of the techniques used by GhostMiner are new, but this is the first time a single piece of malware has combined all of them. Minerva's research shows that the operators of GhostMiner put considerable effort into assembling their code, and the attack on Monero miners is a clear warning bell for security vendors.

Minerva’s Fight Against the Malevolent Crypto-Jacking Software

GhostMiner started its Monero mining operations only after it had eliminated every competing miner it detected. Minerva's research team analyzed the techniques the malware deployed for this purpose. The script that turned the tables on the mining malware was named MinerKiller.

  • PowerShell's “Stop-Process -Force” command was used to identify running Monero miners and then terminate them, using a hard-coded blacklist of miner names.
  • The exe tool was used to stop and remove blacklisted miner services.
  • The research team removed miners that run as blacklisted scheduled tasks, identified by task name, using the exe tool.
  • Command-line arguments were parsed and analyzed, then used to stop and eliminate the miners.
  • Another strategy employed by Minerva was to walk the list of established TCP connections and identify the ports associated with miners. The data were collected using

Conclusion

According to the Minerva team, one way for security vendors to fight mining malware such as GhostMiner is to write their own PowerShell scripts. Such scripts help identify unfamiliar tasks, services, and processes by their arguments and TCP connections. These measures will hopefully ward off cybercriminals' attempts to mine cryptocurrencies on compromised machines.
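An added example, written for this article and not Minerva's MinerKiller or any script from the original post, showing how a defender could audit a Windows host using the same four indicators described above: process names and command-line arguments, services, scheduled tasks, and established TCP connections. The miner name patterns, Monero-style argument patterns and pool ports are assumptions chosen for illustration, and the script only reports what it finds; it stops nothing.

```powershell
# Read-only cryptominer audit (added example; patterns and ports are assumptions).
# Run in an elevated PowerShell session on the host being examined.
$NamePatterns = @('xmrig', 'minerd', 'xmr-stak', 'cpuminer')                 # assumed miner names
$ArgPatterns  = @('stratum\+(tcp|ssl)://', '--donate-level', '-u\s+4[0-9A-Za-z]{94}') # pool URL / Monero-style wallet
$PoolPorts    = @(3333, 4444, 5555, 7777, 8888, 14444)                       # assumed common pool ports
$AllPatterns  = $NamePatterns + $ArgPatterns
$findings     = New-Object System.Collections.Generic.List[object]

# Record the first pattern that matches a candidate's name or command line.
function Add-Finding($Kind, $Id, $Detail) {
    foreach ($p in $AllPatterns) {
        if ($Detail -imatch $p) {
            $findings.Add([pscustomobject]@{ Kind = $Kind; Id = $Id; Detail = $Detail; Matched = $p })
            return
        }
    }
}

# 1. Processes: check the executable name together with its full command line.
foreach ($proc in Get-CimInstance Win32_Process) {
    Add-Finding 'Process' $proc.ProcessId "$($proc.Name) $($proc.CommandLine)"
}

# 2. Services: check the registered binary path, not only the service name.
foreach ($svc in Get-CimInstance Win32_Service) {
    Add-Finding 'Service' $svc.Name "$($svc.Name) $($svc.PathName)"
}

# 3. Scheduled tasks: persistence for fileless miners often lives here.
foreach ($task in Get-ScheduledTask) {
    $actions = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join ' '
    Add-Finding 'Task' ($task.TaskPath + $task.TaskName) "$($task.TaskName) $actions"
}

# 4. Established TCP connections to typical pool ports, joined back to the owning process.
foreach ($conn in Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue) {
    if ($PoolPorts -contains $conn.RemotePort) {
        $owner = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
        $findings.Add([pscustomobject]@{
            Kind = 'TcpConnection'; Id = $conn.OwningProcess
            Detail = "$($owner.ProcessName) -> $($conn.RemoteAddress):$($conn.RemotePort)"; Matched = 'pool port'
        })
    }
}

$findings | Sort-Object Kind, Id | Format-Table -AutoSize
```

Each finding carries the indicator that triggered it, so an analyst can review the hits before deciding whether to stop a process, disable a service or delete a task.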


Disclaimer: This article should not be taken as, and is not intended to provide, investment advice. Global Coin Report and/or its affiliates, employees, writers, and subcontractors are cryptocurrency investors and from time to time may or may not have holdings in some of the coins or tokens they cover. Please conduct your own thorough research before investing in any cryptocurrency and read our full disclaimer.

Image courtesy of Bart via Flickr
