A number of Microsoft Exchange vulnerabilities were used in a new malicious campaign: ProxyShellMiner

    The new malware, dubbed "ProxyShellMiner", exploits the Microsoft Exchange ProxyShell vulnerabilities to deploy cryptocurrency miners that earn money for the attackers.

    ProxyShell is the common name for three Microsoft Exchange vulnerabilities that were discovered and patched back in 2021. Chained together they give unauthenticated remote code execution, which hands the attacker full control of the targeted Exchange server and a foothold from which to reach other servers in the organization.

    In the attacks seen by Morphisec, the attackers chain the three ProxyShell bugs, CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207, to gain initial access to the organization's network.

    The attackers then drop a .NET payload into the NETLOGON share of the domain controller; because every domain-joined machine can read that share, the payload is reachable from all devices on the network. The payload only activates when given a specific command-line parameter, and that same value doubles as the password for the bundled XMRig miner component.

    Next, a second-stage loader creates a scheduled task on the infected system that launches the malware every time the user logs in. The malware then uses process hollowing to inject the miner into one of the browsers installed on the machine, picks a random mining pool from a hard-coded list, and starts mining cryptocurrency on the compromised computer.

    The final step in the attack chain is to create a Windows Firewall rule that blocks all outgoing traffic from the system, in order to reduce the chances of indicators of compromise being detected or of any alert about the compromise being sent out. Note that such a catch-all outbound block rule is itself a high-fidelity indicator: legitimate administration rarely creates one.
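    The chain described above leaves artefacts on both the Exchange server and the domain members. The following PowerShell triage script is an added example, not Morphisec's tooling or anything from the campaign itself: it checks the Exchange build, greps the IIS logs for the publicly documented CVE-2021-34473 Autodiscover path-confusion request, lists executables sitting in the NETLOGON share, flags logon-triggered scheduled tasks that run from unusual locations, lists browser processes talking to ports other than 80/443, and looks for an enabled outbound block-everything firewall rule. The IIS log path, the list of trusted program roots, the browser process names and the 30-day "recently written" threshold are assumptions; adjust them to your estate.

```powershell
<#
  ProxyShellMiner-style host triage (added example, not Morphisec's or the attackers' code).
  Run elevated on the Exchange server and on a domain-joined workstation.
  Paths, allow-lists and thresholds below are assumptions; tune them before relying on output.
#>
#Requires -RunAsAdministrator
$findings = [System.Collections.Generic.List[string]]::new()
function Add-Finding([string]$Check, [string]$Detail) { $findings.Add("[$Check] $Detail") }

# 1. Exchange patch level. ProxyShell was fixed in the April/May 2021 security updates;
#    compare the ExSetup.exe build against Microsoft's Exchange build table.
$exsetup = Get-Command Exsetup.exe -ErrorAction SilentlyContinue
if ($exsetup) {
    Add-Finding 'ExchangeBuild' ("ExSetup.exe build {0} (compare with Microsoft's build table)" -f $exsetup.FileVersionInfo.ProductVersion)
}

# 2. Initial access. The ProxyShell request abuses the Autodiscover endpoint with a query
#    that starts with '@' and repeats autodiscover.json inside the Email parameter.
$iisLogRoot = 'C:\inetpub\logs\LogFiles'   # assumed default IIS log location
if (Test-Path $iisLogRoot) {
    Get-ChildItem $iisLogRoot -Recurse -Filter '*.log' -ErrorAction SilentlyContinue |
        Select-String -Pattern '/autodiscover/autodiscover\.json\s+@', 'Email=autodiscover/autodiscover\.json%3f@' |
        ForEach-Object { Add-Finding 'ProxyShellRequest' "$($_.Filename):$($_.LineNumber) $($_.Line)" }
}

# 3. Staging. NETLOGON is readable by every domain member, so any executable there is
#    reachable network-wide. Unsigned or recently written binaries are the ones to pull.
$netlogon = "\\$env:USERDNSDOMAIN\NETLOGON"
if ($env:USERDNSDOMAIN -and (Test-Path $netlogon)) {
    Get-ChildItem $netlogon -Recurse -Include *.exe, *.dll -ErrorAction SilentlyContinue | ForEach-Object {
        $sig = Get-AuthenticodeSignature $_.FullName
        if ($sig.Status -ne 'Valid' -or $_.LastWriteTime -gt (Get-Date).AddDays(-30)) {
            Add-Finding 'NetlogonBinary' ("{0} signature={1} written={2:u}" -f $_.FullName, $sig.Status, $_.LastWriteTime)
        }
    }
}

# 4. Persistence. Logon-triggered tasks whose action runs from outside the usual program
#    directories (heuristic allow-list; a UNC path to NETLOGON would be flagged here).
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
Get-ScheduledTask | ForEach-Object {
    $task  = $_
    $logon = $task.Triggers | Where-Object { $_.CimClass.CimClassName -eq 'MSFT_TaskLogonTrigger' }
    if (-not $logon) { return }
    foreach ($action in $task.Actions) {
        $exe = [Environment]::ExpandEnvironmentVariables("$($action.Execute)").Trim('"')
        if (-not $exe) { continue }
        $trusted = $trustedRoots | Where-Object { $exe.StartsWith($_, 'OrdinalIgnoreCase') }
        if (-not $trusted) {
            Add-Finding 'LogonTask' "$($task.TaskPath)$($task.TaskName) -> $exe $($action.Arguments)"
        }
    }
}

# 5. Execution. The miner lives inside a hollowed browser process, so a browser holding a
#    TCP session to something other than 80/443 deserves a look (heuristic; expect some noise).
$browsers = 'chrome', 'msedge', 'firefox', 'iexplore', 'brave', 'opera'
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue | ForEach-Object {
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    if ($proc -and ($browsers -contains $proc.ProcessName) -and ($_.RemotePort -notin 80, 443)) {
        Add-Finding 'BrowserConnection' "$($proc.ProcessName)($($proc.Id)) -> $($_.RemoteAddress):$($_.RemotePort)"
    }
}

# 6. Defence evasion. An enabled outbound rule that blocks every program, every remote
#    address and every protocol is the "block all outgoing traffic" rule described above.
Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True -ErrorAction SilentlyContinue | ForEach-Object {
    $app  = $_ | Get-NetFirewallApplicationFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    $port = $_ | Get-NetFirewallPortFilter
    if ($app.Program -eq 'Any' -and $addr.RemoteAddress -eq 'Any' -and $port.Protocol -eq 'Any') {
        Add-Finding 'OutboundBlockAll' "$($_.DisplayName) profile=$($_.Profile)"
    }
}

if ($findings.Count) { $findings } else { 'No ProxyShellMiner-style artefacts found by these checks.' }
```

    Treat every hit as a lead rather than a verdict: the browser-connection and logon-task checks are heuristics that will fire on legitimate software, whereas an Autodiscover request matching the ProxyShell pattern, an unsigned executable in NETLOGON, or an outbound block-all firewall rule each warrant immediate investigation.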

    Morphisec warns that the impact of this kind of malware goes well beyond denial of service, degraded server performance and overheating hardware. Once the attackers have a foothold in the network they can do anything they like, from deploying a backdoor to executing further malicious code.

    To mitigate the risk of a ProxyShellMiner infection, Morphisec recommends that administrators apply the available security updates (the ProxyShell fixes have been shipping in Exchange security updates since 2021) and use comprehensive security software to detect and remove threats.

    Author DeepWeb