PyBitmessage Backdoor Malware Installed with CoinMiner

The AhnLab SEcurity intelligence Center (ASEC) has recently detected a new type of backdoor malware being distributed alongside the Monero coin miner. This blog post covers malware that utilizes the PyBitmessage library to perform communications on a P2P (Peer to Peer) network and encrypt the communication content between endpoints, instead

AhnLab EDR Detects CoinMiner Propagated via USB in South Korea

1. Overview

CoinMiners typically use the CPU and GPU resources of users’ computers in secret to mine cryptocurrencies, which slows down the performance of the affected computers. CoinMiners are usually distributed through phishing emails, malicious websites, system vulnerabilities, and other means. For analysis of this malware, please refer to the AhnLab

CoinMiner Being Installed on Vulnerable Apache Tomcat Web Server

The ASEC analysis team has recently identified attacks targeting vulnerable Apache Tomcat web servers. Tomcat servers that have not been updated to the latest version are one of the major attack vectors for vulnerability exploitation. In the past, the ASEC blog has also covered attacks targeting Apache Tomcat servers

Monero CoinMiner Being Distributed via Webhards

Webhards are the main platforms that attackers targeting Korean users exploit to distribute malware. The ASEC analysis team has been monitoring malware types distributed through webhards and has uploaded multiple blog posts about them in the past. Generally, attackers distribute malware with illegal programs such as adult games and

Attack Cases Using Metasploit Meterpreter

Metasploit is a framework used in penetration testing. It is a tool that can be used to inspect security vulnerabilities for networks and systems of companies and organizations, providing various features for each penetration test stage. Like Cobalt Strike, it provides features necessary for each stage, from creating various