• bitcoinBitcoin (BTC) $ 67,459.00
  • ethereumEthereum (ETH) $ 2,065.36
  • tetherTether (USDT) $ 0.999774
  • bnbBNB (BNB) $ 592.04
  • xrpXRP (XRP) $ 1.30
  • usd-coinUSDC (USDC) $ 1.00
  • solanaSolana (SOL) $ 79.88
  • tronTRON (TRX) $ 0.318932
  • staked-etherLido Staked Ether (STETH) $ 2,265.05
  • figure-helocFigure Heloc (FIGR_HELOC) $ 1.03
  • dogecoinDogecoin (DOGE) $ 0.090591
  • usdsUSDS (USDS) $ 0.999956
  • whitebitWhiteBIT Coin (WBT) $ 51.29
  • leo-tokenLEO Token (LEO) $ 10.08
  • cardanoCardano (ADA) $ 0.243769
  • wrapped-stethWrapped stETH (WSTETH) $ 2,779.67
  • hyperliquidHyperliquid (HYPE) $ 35.91
  • bitcoin-cashBitcoin Cash (BCH) $ 424.81
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 76,243.00
  • chainlinkChainlink (LINK) $ 8.63
  • binance-bridged-usdt-bnb-smart-chainBinance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.998762
  • moneroMonero (XMR) $ 331.04
  • wrapped-beacon-ethWrapped Beacon ETH (WBETH) $ 2,466.93
  • ethena-usdeEthena USDe (USDE) $ 0.999641
  • canton-networkCanton (CC) $ 0.139876
  • stellarStellar (XLM) $ 0.158656
  • wrapped-eethWrapped eETH (WEETH) $ 2,465.31
  • memecoreMemeCore (M) $ 2.71
  • daiDai (DAI) $ 0.999979
  • susdssUSDS (SUSDS) $ 1.08
  • usd1-wlfiUSD1 (USD1) $ 0.999679
  • litecoinLitecoin (LTC) $ 53.52
  • zcashZcash (ZEC) $ 240.73
  • coinbase-wrapped-btcCoinbase Wrapped BTC (CBBTC) $ 76,366.00
  • paypal-usdPayPal USD (PYUSD) $ 1.00
  • avalanche-2Avalanche (AVAX) $ 8.87
  • hedera-hashgraphHedera (HBAR) $ 0.086796
  • wethWETH (WETH) $ 2,268.37
  • shiba-inuShiba Inu (SHIB) $ 0.000006
  • suiSui (SUI) $ 0.849518
  • rainRain (RAIN) $ 0.006606
  • usdt0USDT0 (USDT0) $ 0.998824
  • the-open-networkToncoin (TON) $ 1.25
  • world-liberty-financialWorld Liberty Financial (WLFI) $ 0.097629
  • crypto-com-chainCronos (CRO) $ 0.068939
  • bittensorBittensor (TAO) $ 298.53
  • hashnote-usycCircle USYC (USYC) $ 1.12
  • tether-goldTether Gold (XAUT) $ 4,607.68
  • pax-goldPAX Gold (PAXG) $ 4,619.06
  • ethena-staked-usdeEthena Staked USDe (SUSDE) $ 1.22
  • blackrock-usd-institutional-digital-liquidity-fundBlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
  • mantleMantle (MNT) $ 0.661236
  • polkadotPolkadot (DOT) $ 1.23
  • uniswapUniswap (UNI) $ 3.09
  • global-dollarGlobal Dollar (USDG) $ 1.00
  • falcon-financeFalcon USD (USDF) $ 0.997545
  • okbOKB (OKB) $ 82.32
  • pi-networkPi Network (PI) $ 0.169889
  • skySky (SKY) $ 0.073754
  • aster-2Aster (ASTER) $ 0.660294
  • little-pepe-5Little Pepe (LILPEPE) $ 2.16
  • nearNEAR Protocol (NEAR) $ 1.23
  • htx-daoHTX DAO (HTX) $ 0.000002
  • syrupusdcsyrupUSDC (SYRUPUSDC) $ 1.15
  • usddUSDD (USDD) $ 0.999234
  • aaveAave (AAVE) $ 92.06
  • pepePepe (PEPE) $ 0.000003
  • ripple-usdRipple USD (RLUSD) $ 1.00
  • ethereum-classicEthereum Classic (ETC) $ 8.61
  • bfusdBFUSD (BFUSD) $ 0.999602
  • ondo-us-dollar-yieldOndo US Dollar Yield (USDY) $ 1.12
  • bitget-tokenBitget Token (BGB) $ 1.86
  • internet-computerInternet Computer (ICP) $ 2.27
  • janus-henderson-anemoy-treasury-fundJanus Henderson Anemoy Treasury Fund (JTRSY) $ 1.10
  • ondo-financeOndo (ONDO) $ 0.250483
  • gatechain-tokenGate (GT) $ 6.50
  • quant-networkQuant (QNT) $ 76.26
  • kucoin-sharesKuCoin (KCS) $ 8.06
  • jupiter-perpetuals-liquidity-provider-tokenJupiter Perpetuals Liquidity Provider Token (JLP) $ 4.00
  • algorandAlgorand (ALGO) $ 0.119794
  • superstate-short-duration-us-government-securities-fund-ustbSuperstate Short Duration U.S. Government Securities Fund (USTB) (USTB) $ 11.04
  • pump-funPump.fun (PUMP) $ 0.001658
  • render-tokenRender (RENDER) $ 1.84
  • polygon-ecosystem-tokenPOL (ex-MATIC) (POL) $ 0.089752
  • jito-staked-solJito Staked SOL (JITOSOL) $ 124.46
  • eutblSpiko EU T-Bills Money Market Fund (EUTBL) $ 1.21
  • usdtbUSDtb (USDTB) $ 0.999943
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 2,404.69
  • kaspaKaspa (KAS) $ 0.030849
  • nexoNEXO (NEXO) $ 0.839893
  • binance-peg-wethBinance-Peg WETH (WETH) $ 2,262.26
  • cosmosCosmos Hub (ATOM) $ 1.67
  • rocket-pool-ethRocket Pool ETH (RETH) $ 2,631.35
  • morphoMorpho (MORPHO) $ 1.46
  • worldcoin-wldWorldcoin (WLD) $ 0.242857
  • binance-bridged-usdc-bnb-smart-chainBinance Bridged USDC (BNB Smart Chain) (USDC) $ 0.999945
  • midnight-3Midnight (NIGHT) $ 0.042076
  • ethenaEthena (ENA) $ 0.077684
  • wbnbWrapped BNB (WBNB) $ 759.61
  • ousgOUSG (OUSG) $ 114.79
  • ignition-fbtcFunction FBTC (FBTC) $ 76,389.00
  • aptosAptos (APT) $ 0.833390
  • official-trumpOfficial Trump (TRUMP) $ 2.84
  • flare-networksFlare (FLR) $ 0.007441
  • filecoinFilecoin (FIL) $ 0.823820
  • vechainVeChain (VET) $ 0.007326
  • syrupusdtsyrupUSDT (SYRUPUSDT) $ 1.11
  • yldsYLDS (YLDS) $ 0.999946
  • beldexBeldex (BDX) $ 0.080001
  • xdce-crowd-saleXDC Network (XDC) $ 0.030945
  • binance-staked-solBinance Staked SOL (BNSOL) $ 108.24
  • hash-2Provenance Blockchain (HASH) $ 0.010864
  • ghoGHO (GHO) $ 0.999474
  • stable-2​​Stable (STABLE) $ 0.026452
  • jupiter-exchange-solanaJupiter (JUP) $ 0.159296
  • justJUST (JST) $ 0.063471
  • usual-usdUsual USD (USD0) $ 0.998110
  • new-x-ceo-is-backNEW X CEO IS BACK (XFLOKI) $ 0.506041
  • bridged-usdc-polygon-pos-bridgePolygon Bridged USDC (Polygon PoS) (USDC.E) $ 0.999720
  • arbitrumArbitrum (ARB) $ 0.091264
  • solv-btcSolv Protocol BTC (SOLVBTC) $ 76,461.00
  • fetch-aiArtificial Superintelligence Alliance (FET) $ 0.228451
  • lombard-staked-btcLombard Staked BTC (LBTC) $ 76,491.00
  • true-usdTrueUSD (TUSD) $ 0.999212
  • a7a5A7A5 (A7A5) $ 0.012416
  • pancakeswap-tokenPancakeSwap (CAKE) $ 1.40
  • clbtcclBTC (CLBTC) $ 76,920.00
  • bonkBonk (BONK) $ 0.000005
  • layerzeroLayerZero (ZRO) $ 1.81
  • euro-coinEURC (EURC) $ 1.15
  • dexeDeXe (DEXE) $ 8.82
  • virtual-protocolVirtuals Protocol (VIRTUAL) $ 0.614849
  • siren-2Siren (SIREN) $ 0.551553
  • stakewise-v3-osethStakeWise Staked ETH (OSETH) $ 2,419.84
  • janus-henderson-anemoy-aaa-clo-fundJanus Henderson Anemoy AAA CLO Fund (JAAA) $ 1.03
  • first-digital-usdFirst Digital USD (FDUSD) $ 0.999280
  • kinetic-staked-hypeKinetiq Staked HYPE (KHYPE) $ 33.97
  • tbtctBTC (TBTC) $ 70,942.00
  • chilizChiliz (CHZ) $ 0.038236
  • blockstackStacks (STX) $ 0.210024
  • wrappedm-by-m0WrappedM by M0 (WM) $ 1.00
  • pudgy-penguinsPudgy Penguins (PENGU) $ 0.006076
  • dashDash (DASH) $ 29.91
  • tezosTezos (XTZ) $ 0.340102
  • hastra-primePRIME (PRIME) $ 1.03
  • usxUSX (USX) $ 0.999742
  • c8ntinuumc8ntinuum (CTM) $ 0.087592
  • adi-tokenADI (ADI) $ 4.44
  • sei-networkSei (SEI) $ 0.052435
  • mantle-staked-etherMantle Staked Ether (METH) $ 2,455.82
  • ether-fiEther.fi (ETHFI) $ 0.444376
  • decredDecred (DCR) $ 19.92
  • polygon-pos-bridged-dai-polygon-posPolygon PoS Bridged DAI (Polygon POS) (DAI) $ 0.999983
  • kinesis-goldKinesis Gold (KAU) $ 143.95
  • resolv-wstusrResolv wstUSR (WSTUSR) $ 1.13
  • sun-tokenSun Token (SUN) $ 0.017381
  • cocaCOCA (COCA) $ 1.30
  • venice-tokenVenice Token (VVV) $ 7.39
  • apenftAINFT (NFT) $ 0.00000033
  • doge-strategyDoge Strategy (DOGESTR) $ 0.288297
  • liquid-staked-ethereumLiquid Staked ETH (LSETH) $ 2,406.26
  • bitcoin-svBitcoin SV (BSV) $ 16.17
  • arbitrum-bridged-wbtc-arbitrum-oneArbitrum Bridged WBTC (Arbitrum One) (WBTC) $ 76,200.00
  • edgexedgeX (EDGE) $ 0.908993
  • gnosisGnosis (GNO) $ 118.95
  • curve-dao-tokenCurve DAO (CRV) $ 0.207321
  • bittorrentBitTorrent (BTT) $ 0.00000031
  • wrapped-flareWrapped Flare (WFLR) $ 0.009961
  • usdaiUSDai (USDAI) $ 0.999984
  • doublezeroDoubleZero (2Z) $ 0.087734
  • l2-standard-bridged-weth-baseL2 Standard Bridged WETH (Base) (WETH) $ 2,266.86
  • monadMonad (MON) $ 0.027314
  • steakhouse-usdc-morpho-vaultSteakhouse USDC Morpho Vault (STEAKUSDC) $ 1.12
  • aerodrome-financeAerodrome Finance (AERO) $ 0.312618
  • plasmaPlasma (XPL) $ 0.117654
  • injective-protocolInjective (INJ) $ 2.77
  • fraxLegacy Frax Dollar (FRAX) $ 0.994178
  • kaiaKaia (KAIA) $ 0.045964
  • binance-peg-xrpBinance-Peg XRP (XRP) $ 1.59
  • official-foOfficial FO (FO) $ 0.268321
  • ether-fi-liquid-ethEther.Fi Liquid ETH (LIQUIDETH) $ 2,443.47
  • zebec-networkZebec Network (ZBCN) $ 0.002704
  • renzo-restaked-ethRenzo Restaked ETH (EZETH) $ 2,421.84
  • crvusdcrvUSD (CRVUSD) $ 0.998046
  • lido-daoLido DAO (LDO) $ 0.308974
  • noonNoon (NOON) $ 0.751949
  • sbtc-2sBTC (SBTC) $ 77,039.00
  • conflux-tokenConflux (CFX) $ 0.050232
  • kinesis-silverKinesis Silver (KAG) $ 68.46
  • jasmycoinJasmyCoin (JASMY) $ 0.005216
  • jupiter-staked-solJupiter Staked SOL (JUPSOL) $ 115.56
  • iotaIOTA (IOTA) $ 0.058586
  • savings-usddSavings USDD (SUSDD) $ 1.03
  • flokiFLOKI (FLOKI) $ 0.000026
  • celestiaCelestia (TIA) $ 0.281440
  • the-graphThe Graph (GRT) $ 0.023429
  • msolMarinade Staked SOL (MSOL) $ 133.18
  • olympusOlympus (OHM) $ 16.02
  • arbitrum-bridged-weth-arbitrum-oneArbitrum Bridged WETH (Arbitrum One) (WETH) $ 2,265.06
  • ape-and-pepeApe and Pepe (APEPE) $ 0.000001
Bitcoin

Hackers attack servers to mine cryptocurrencies

By admin
0 78

Hackers attack servers to mine cryptocurrencies

Hackers are now attacking systems to carry out crypto mining activities, according to a report from researchers from cloud security firm Wiz. The researchers stated that the hackers are weaponizing exposed Java Debug Wire Protocol (JDWP) interfaces to obtain code execution capabilities on compromised systems.

According to the report, after gaining code execution capabilities, the hackers deployed crypto miners on the systems of their compromised hosts. “The attacker used a modified version of XMRig with a hard-coded configuration, allowing them to avoid suspicious command-line arguments that are often flagged by defenders,” the researchers said. They added that the payload used mining pool proxies to conceal the attacker’s crypto wallet, preventing investigators from tracing it further.

Hackers weaponize exposed JDWP to carry out mining activities

The researchers observed the activity against their honeypot servers running TeamCity, a popular continuous integration and continuous delivery (CI/CD) tool. JDWP is a communication protocol used in Java for debugging. With the protocol, the debugger can be used to work on different processes, a Java application on the same computer, or a remote computer.

However, due to the fact that JDWP lacks an access control mechanism, exposing it to the internet can open up new attack vectors that hackers can abuse as an entry point to enable full control over the running Java process. To simplify it, the misconfiguration can be used to inject and execute arbitrary commands in order to set up persistence on and ultimately run malicious payloads.

“While JDWP is not enabled by default in most Java applications, it is commonly used in development and debugging environments,” the researchers said. “Many popular applications automatically start a JDWP server when run in debug mode, often without making the risks obvious to the developer. If improperly secured or left exposed, this can open the door to remote code execution (RCE) vulnerabilities.”

Some of the applications that may launch a JDWP server when in debug mode include TeamCity, Apache Tomcat, Spring Boot, Elasticsearch, Jenkins, and others. Data from GreyNoise showed that over 2,600 IP addresses have been scanned for JDWP endpoints in the last 24 hours, out of which 1,500 IP addresses are malicious and 1,100 are classified as suspicious. The report mentioned that most of these IP addresses originated from Hong Kong, Germany, the United States, Singapore, and China.

The researchers detail how the attacks are being carried out

In the attacks observed by the researchers, the hackers take advantage of the fact that the Java Virtual Machine (JVM) listens for debugger connections on port 5005 to initiate scanning for open JDWP ports across the internet. After that, a JDWP-Handshake request is sent to confirm if the interface is active. Once it confirms that the service is exposed and interactive, the hackers move to execute a command to fetch, carrying out a dropper shell script that is expected to carry out a series of actions.

These series of actions include killing all competing miners or any high-CPU processes on the system, dropping a modified version of XMRig miner for the appropriate system architecture from an external server (“awarmcorner[.]world”) into “~/.config/logrotate”), establishing persistence by setting cron jobs to ensure that payload is re-fetched and re-executed after every shell login, reboot, or scheduled time interval, and delete itself on exit.

“Being open-source, XMRig offers attackers the convenience of easy customization, which in this case involved stripping out all command-line parsing logic and hardcoding the configuration,” the researchers said. “This tweak not only simplifies deployment but also allows the payload to mimic the original logrotate process more convincingly.”

This disclosure comes as NSFOCUS noted that a new and evolving Go-based malware named Hpingbot that has been targeting both Windows and Linux systems can launch a distributed denial-of-service (DDoS) attack using hping3.

Source

admin 19764 posts 0 comments
You might also like More from author

Leave A Reply

Your email address will not be published.