Category Archives: malware


Monero's Website Compromised With Crypto Stealing Malware


On 19 November 2019, a security breach on the official website of Monero paved the way for a malicious version of the software to be served, placing user funds in peril. The software was expected to steal cryptocurrency, according to a Twitter post published by an XMR core team member.

#Monero Security Warning:

CLI binaries available on may have been compromised at some point during the last 24h. Investigations ongoing.

— Monero || #xmr (@monero) November 19, 2019

The announcement stated a possible manipulation of the command-line interface (CLI) binaries. The post noted that many users observed that the hash of the downloaded binaries did not match the expected hashes. The Reddit announcement read:

“It appears the box has been indeed compromised and different CLI binaries served for 35 minutes. Downloads are now served from a safe fallback source. […] If you downloaded binaries in the last 24h, and did not check the integrity of the files, do it immediately. If the hashes do not match, do NOT run what you downloaded.”

Justin Ehrenhofer, organizer of the Monero Malware Response Workgroup, stated that despite a history of several malicious attacks on Monero, this was, in fact, the first time it had been affected. While funds had been in jeopardy, the researchers’ investigation showed that the attackers might even have had the power to carry out unauthorized actions on the user’s behalf.

One user even came forward and reported a theft of coins caused by the malware. A Reddit user going by the name moneromanz stated that it happened “…roughly 9 hours after I ran the binary a single transaction drained the wallet. I downloaded the build yesterday around 6pm Pacific time.”

Amid the chaos, Monero is trying to resolve the issue as quickly as possible while appealing for user cooperation. Users can still obtain the reliable version of the wallet and check it against the corrected hashes shared by the team.

Follow on Twitter: @bitcoinnewscom
Telegram Alerts from

Image Courtesy: Pixabay

The post Monero Website Compromised with Crypto Stealing Malware appeared first on

Fight Fire with Fire: Botnet Seeks and Destroys Crypto Mining Malware

Security firm Netlab 360 has discovered a new botnet named Fbot in a strange case of fighting fire with fire. Fbot appears to be very different from almost any other botnet because it is seeking and destroying another botnet called ufo miner, known to install crypto mining malware on computers.

Fbot doesn’t appear to install any malware of its own, with a seemingly singular purpose of destroying a crypto mining malware botnet.

Botnets are an extremely common tool among hackers. Essentially, a hacker writes a program that installs itself on someone’s computer before propagating itself to more computers. The hacker uses the botnet to steal personal information, and in the case of crypto mining malware botnets, aggregate the weak processing power of thousands to millions of personal computers to mine significant amounts of crypto. Monero mining botnets are very common; one called Smominru infected 526,000 computers and mined millions of dollars of Monero.

In the case of Fbot, it finds the ufo miner software on an infected computer, rewrites itself in place of ufo miner, and then deletes itself. This leaves the computer uninfected, at least by either ufo miner or Fbot. This is probably the first recorded case of a botnet that deletes mining malware rather than installing it.

Fbot will be difficult to stop because it uses the Emercoin decentralized domain name system (DNS), rather than the typical centralized DNS. It uses the same software to propagate that other mining malware botnets have been known to use, ADB.miner. Although the Fbot botnet may appear to be “good”, it is definitely installing itself without permission in a virus-esque fashion.

Some assume that Fbot was created by someone trying to eliminate mining malware botnets, but there is some evidence of more sinister motives. Netlab 360 found that Fbot has a strong connection to the Satori botnet, based on domain names that use the same registration email. Satori is a malicious botnet that has infected hundreds of thousands of computers.

If true, then Fbot might be produced by Satori to eliminate competition, since competing botnets on a single device results in less than optimal mining revenue.

Regardless of the intentions, the idea of a botnet destroying other botnets could be deployed by white hat hackers to finally curtail the growing crypto mining malware problem.


Crypto Mining Malware on the Rise as Ransomware Declines

A new study by Kaspersky Lab has found that incidents of cryptocurrency-related ransomware have declined 30% since 2016, from 2.58 million to 1.81 million, while cryptocurrency mining malware incidents have simultaneously risen 44.5%, from 1.9 million to 2.74 million. Kaspersky Lab suspects that there is a direct causation between these statistics: they say cybercriminals have turned their backs on ransomware and are embracing cryptocurrency mining. This is because cryptocurrency mining malware supplies botnet masters with a consistent long-term income, as opposed to one-off rewards from ransomware that are much less frequent and come with much higher legal risk.

The main reason crypto mining malware is overtaking ransomware is that Bitcoin and cryptocurrency prices have gone up 1,000% since last year. This price increase has made it possible for hackers to make an easy living off a crypto mining malware botnet. Now they can infect 10 times fewer computers and make the same profits.

Cryptocurrency mining malware harnesses the processing power of an infected computer to generate cryptocurrency via the proof of work (PoW) algorithm. While mining cryptocurrency with a CPU or GPU is mostly obsolete at this point, it can be very profitable for botnet masters who are mining with hundreds or thousands of computers at once and not paying for electricity. All they have to do is create a script that uploads a cryptocurrency miner to a computer and sends the profits to a cryptocurrency address they control, and then spread the file. Often they spoof files to look like movies or popular software and put them on peer to peer torrent sites. When a user downloads the spoofed file nothing happens from their perspective, but the miner downloads in the background.

The unfortunate side effect of crypto mining malware is that a computer’s fan will tend to be on all the time, causing lots of noise, and even with constant fan usage, the computer can still overheat, shortening its lifespan. Also, an infected computer will use much more electricity than normal, directly causing loss of money for the victim, although probably not enough of a difference to notice on the bill.

All things considered, though, crypto mining malware is not as bad as ransomware. A keen computer user can simply monitor the running processes on their computer to spot the mining malware and then delete it. By contrast, ransomware seizes up the entire computer, and in the best-case scenario, a user has to wipe the whole computer clean. In the worst-case scenario, if they need their files, they have to actually pay the ransom to unlock their computer. Hackers design crypto mining malware so it runs quietly in the background; they want their victims to be able to use their computers smoothly so the mining malware stays running long term.
