#cryptominers


Malicious #VSCode extensions infect Windows with #cryptominers
The package names are:
Discord Rich Presence for VS Code - 189K Installs
Rojo – Roblox Studio Sync - 117K Installs
Solidity Compiler - 1.3K Installs
Claude AI
Golang Compiler
ChatGPT Agent for VSCode
HTML Obfuscator
Python Obfuscator for VSCode
Rust Compiler for VSCode
ExtensionTotal says it reported the malicious extensions to #Microsoft, but they are still available at the time of writing.
bleepingcomputer.com/news/secu

#Windows infected with backdoored #Linux #VM in #new phishing attacks
Using #virtualmachines to conduct attacks is nothing new, with #ransomware gangs and #cryptominers using them to stealthily perform malicious activity. However, threat actors commonly install these manually after they breach a network.
bleepingcomputer.com/news/secu #QEMU #ITSec

BleepingComputer · Windows infected with backdoored Linux VMs in new phishing attacks · By Bill Toulas

this motherfucker, cuz #AI is the new #crypto scam:

remember when during the #pandemic #shutdowns this motherfucker was lying about #cryptominers and telling everybody to pay up 2/3/5K for their graphics cards or GTFO?
cnn.com/2022/05/06/tech/nvidia

and then China and other Asian countries cracked down on miners & the prices dropped like a lead balloon?
gizmodo.com/chinas-crypto-crac

then magically miners pivoted into AI data hoovering centers?
theguardian.com/australia-news

pepperidge farms remembers...

While I may publish a more complete blog post about this later, I also sent this on Twitter to make #Github aware of it quicker.
However, I felt that I should also publish it here.

I recently came upon this post on reddit: reddit.com/r/cybersecurity_hel

Which awakened my curiosity about this user who has quite a few repos with multiple stars: github[.]com/AppsForDesktop

Looking at their profile, I noticed various repos claiming to be desktop apps for various popular websites and apps.

When I investigated these repos in my sandboxes, I discovered they installed the file cnertucbrcaj[.]exe and performed various persistence techniques, adding several exclusions to Defender and uninstalling various Windows security components such as MRT.

After which it of course connected to various Monero mining pools.

reddit · How do I remove this malware? · Hello, after my cpu goes to 80 watts on idle and my pc goes brrr, I found out that a process is creating multiple threads and closes them after...

Y'all remember #KmsdBot @larry has been working on? The cryptomining botnet that landed on one of our honeypots earlier this year?

Part three is live now, this time discussing attack traffic. The highlights:

🟠 we believe it's DDoS for hire
🔵 victims are mostly in Asia, North America, and Europe
🟠 there's an interesting lack of activity in Russia and surrounding territories, possibly pointing to the origins
🔵 two notable targets for FiveM and RedM (gaming mods for GTA V and RDR2), which can tell us a lot about who its customers are.

akamai.com/blog/security-resea