Minerva to Stop the Run of GhostMiner that is Solely Trying to Mine Monero


In 2018, cybercriminals are increasingly relying on malicious cryptocurrency miners delivered through advanced exploit kits to make money online. The WaterMiner case in late 2017 drew wide attention, and security companies responded by upgrading their detection capabilities. However, as observed in the past, the cybercriminals always remain a step ahead of the security vendors.

Recently, Minerva's research team detected a new malware called GhostMiner that 'kills' existing miners in order to become the sole miner of Monero (XMR) on an infected host, earning more XMR and depriving other miners of it. The research team dissected GhostMiner after Minerva had stopped the mining malware at a customer site. According to the Minerva team, such malware uses advanced fileless techniques to mine cryptocurrency, which makes it increasingly difficult to identify. However, Minerva Labs succeeded in turning the tables on GhostMiner, using its own scripts to remove the miners.

How GhostMiner Affected Monero

  • Using Advanced Fileless Techniques

The core activity of GhostMiner was carried out by a compiled malicious Windows executable. PowerShell evasion frameworks such as Invoke-ReflectivePEInjection and Out-CompressedDll allowed this executable to hide from detection agents; these fileless techniques masked the presence of GhostMiner. Neutrino.ps1, a PowerShell script, had the role of infecting new victims, while another PowerShell script (WM164.ps1 on x64 machines) was charged with mining Monero (XMR).

This approach allowed GhostMiner to bypass many security products, and some of the analyzed payloads remained fully undetected. However, once the fileless layer was removed, the same security vendors did detect the malware. Minerva's Memory Injection Prevention blocked the fileless attack, so the malware did not spread and could no longer mine Monero (XMR) or any other cryptocurrency.

  • GhostMiner Targeting New Victims

Neutrino.ps1 searched for and attacked servers running MSSQL, phpMyAdmin, and Oracle's WebLogic. The attack focused mainly on WebLogic servers: it probed randomly chosen IP addresses and opened multiple TCP connections. The core component of the attack communicated with its C2 server over HTTP, encoding both requests and responses in Base64. The indicators Minerva used to detect the malware show that GhostMiner crafted its malicious HTTP requests to blend in at companies with Chinese-speaking users. Not all of the techniques used by GhostMiner are new, but it is the first time that one malware has used all of them together. Minerva's research shows that the operators of GhostMiner put a lot of effort into assembling their code, and the attack on Monero miners is a clear warning bell for security vendors.

Minerva’s Fight Against the Malevolent Crypto-Jacking Software

GhostMiner started mining Monero only after it had eliminated all the competing miners it could detect. Minerva's research team analyzed the techniques the malware used to do so; the script that turned the tables on the mining malware was named MinerKiller.

  • PowerShell's "Stop-Process -Force" command was used to identify running Monero miners and eliminate them, matching them against a hard-coded blacklist of miner names.
  • Blacklisted miner services were stopped and removed using exe.
  • Miners running as scheduled tasks were eradicated by task name, using exe and a blacklist of task names.
  • Command-line arguments were parsed and analyzed, then used to stop and eliminate the miners.
  • Another strategy was to go through the list of established TCP connections and identify the ports linked with the miners. The data were collected using

Conclusion

According to the Minerva team, one way of fighting mining malware like GhostMiner for the security vendors is by writing their own PowerShell scripts. It will help in identifying the unfamiliar tasks, services, and processes by arguments and TCP connections. These features will hopefully ward off any attempts of the cybercriminals in the mining process of cryptocurrencies.
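The following hunting script is an added example, not Minerva's MinerKiller or any code from the original post. It applies the four checks listed above (process arguments, services, scheduled tasks, established TCP connections) from a defender's side: it only reports suspicious items rather than killing them, and the indicator strings and pool ports it matches on are constructed placeholders to be replaced with an organisation's own blacklist.

```powershell
# Added hunting script (not Minerva's MinerKiller): reports processes, services,
# scheduled tasks and TCP connections that look like cryptominers. Report only.
# The indicator lists below are constructed examples, not from the original post.

$ArgIndicators  = @('stratum+tcp', 'stratum+ssl', '--donate-level', 'xmrig', '-o pool.', 'nicehash')
$NameIndicators = @('xmrig', 'minerd', 'xmr-stak', 'cpuminer')
$PoolPorts      = @(3333, 4444, 5555, 7777, 8888, 14444, 45700)   # assumed pool ports

# 1. Processes: inspect the full command line, not just the image name,
#    since miners are often launched from a renamed binary.
$procs = Get-CimInstance Win32_Process |
    Where-Object { $cl = $_.CommandLine; $cl -and ($ArgIndicators | Where-Object { $cl -like "*$_*" }) } |
    Select-Object ProcessId, Name, CommandLine

# 2. Services: match service name and binary path against the blacklist.
$svcs = Get-CimInstance Win32_Service |
    Where-Object { $p = "$($_.Name) $($_.PathName)"; $NameIndicators | Where-Object { $p -like "*$_*" } } |
    Select-Object Name, State, PathName

# 3. Scheduled tasks: look at what each task action actually launches.
$tasks = Get-ScheduledTask | ForEach-Object {
    $t = $_
    $t.Actions |
        Where-Object { $a = "$($_.Execute) $($_.Arguments)"; ($NameIndicators + $ArgIndicators) | Where-Object { $a -like "*$_*" } } |
        ForEach-Object { [pscustomobject]@{ Task = $t.TaskName; Path = $t.TaskPath; Command = "$($_.Execute) $($_.Arguments)" } }
}

# 4. Established TCP connections to typical pool ports, joined to the owning process.
$conns = Get-NetTCPConnection -State Established |
    Where-Object { $PoolPorts -contains $_.RemotePort } |
    ForEach-Object {
        $owner = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{ Pid = $_.OwningProcess; Process = $owner.ProcessName; Remote = "$($_.RemoteAddress):$($_.RemotePort)" }
    }

# Print the findings; feed them to a ticket or SIEM and verify before removing anything.
"== Processes with miner-like arguments =="
$procs | Format-Table -AutoSize
"== Blacklisted services =="
$svcs | Format-Table -AutoSize
"== Scheduled tasks launching miner-like commands =="
$tasks | Format-Table -AutoSize
"== Established connections to pool ports =="
$conns | Format-Table -AutoSize
```

Run it in an elevated PowerShell session so that command lines and owning processes of other users' processes are visible; a miner that matches on TCP port alone but not on arguments is worth a manual look rather than an automatic kill.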


Image courtesy of Bart via Flickr
