this post was submitted on 18 Feb 2025
Cybersecurity

On December 31, cybercriminals launched a mass infection campaign, aiming to exploit reduced vigilance and increased torrent traffic during the holiday season. Our telemetry detected the attack, which lasted for a month and affected individuals and businesses by distributing the XMRig cryptominer. This previously unidentified actor is targeting users worldwide—including in Russia, Brazil, Germany, Belarus and Kazakhstan—by spreading trojanized versions of popular games via torrent sites.

In this report, we analyze how the attacker evades detection and launches a sophisticated execution chain, employing a wide range of defense evasion techniques.

[–] [email protected] 2 points 3 months ago* (last edited 3 months ago) (1 children)

StarýDobrý? @[email protected] these were Czech hackers

[–] [email protected] 1 points 3 months ago* (last edited 3 months ago) (1 children)

It is indeed a Czech phrase but definitely exists in other Slavic languages (for example Russian is старый добрый, usually transliterated as "staryy dobryy" or "staryj dobryj"). No group seems to have claimed responsibility; the article says

There are no clear links between this campaign and any previously known crimeware actors, making attribution difficult. However, the use of Russian language in the PDB suggests the campaign may have been developed by a Russian-speaking actor.

The name for the malware seems to have been chosen by Kaspersky and possibly taken from one of the strings in whatever "PDB" is. I'm guessing it's geographically close to Russia but not inside, as Russian threat actors (including script kiddies) tend to take care to exclude Russian citizens.

You're lucky I'm just logged in, my main account is @[email protected]

[–] [email protected] 1 points 3 months ago (1 children)

as Russian threat actors tend to take care to exclude Russian citizens.

Bruh

[–] [email protected] 3 points 3 months ago (1 children)

Yeah, otherwise their enemies include law enforcement and shit gets real

[–] [email protected] 1 points 3 months ago

Ahhhhh clever