Security Alerts & News
by Tymoteusz A. Góral

#975 The PhotoMiner campaign
Over the past few months, we’ve been following a new type of worm we named PhotoMiner. PhotoMiner features a unique infection mechanism, reaching endpoints by infecting websites hosted on FTP servers while making money by mining Monero. The choice of a lesser-known currency with a good exchange rate allows the attackers to rapidly gain money, while the sophisticated use of safeguards makes it resilient to most disruption attempts, potentially leaving victims infected for years.
We’ve documented thousands of attacks originating from hundreds of IPs, running similar attack flows while using different binaries. In this report we will share our research on PhotoMiner’s timelines, infection strategies and C&C servers, and provide tools to help detect the malware.
#978 Aggressive Triada, Horde variants up mobile malware threat
#977 Malware infections by Locky, Dridex and Angler drop - but why?
#976 xDedic – the shady world of hacked servers for sale
#975 The PhotoMiner campaign
#974 Algeria blocks social media to beat exam cheats
#973 Attackers used nearly one million IPs to brute-force a financial institution