New Norman Cryptominer Uses Dynamic DNS for C2 Communication

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,154
Content source
https://www.bleepingcomputer.com/news/security/new-norman-cryptominer-uses-dynamic-dns-for-c2-communication/
The new miner malware strain dubbed Norman by the Varonis Security Research team was discovered while actively mining for Monero using the computing resources of the infected workstations and servers as directed by its operators.

All infected hosts on the network were very easily detected by the use of DuckDNS which is a dynamic DNS service designed to help users create custom domain names easier.

According to the researchers who found this new cryptomining malware, "most of the malware from this case relied on DuckDNS for command and control (C&C) communications, to pull configuration settings or send updates."

Besides multiple miner malware samples among which Norman stood out as not having been seen before in the wild, Varonis' research team also discovered several password dumping tools and a hidden PHP shell, with some of them having infected the systems a few years earlier.
Click to expand...
Read more below:
www.bleepingcomputer.com

New Norman Cryptominer Uses Dynamic DNS for C2 Communication

A new cryptominer malware that infected almost all the computers on a company's network within a year uses DuckDNS for command and control communications with its masters.
www.bleepingcomputer.com www.bleepingcomputer.com
www.varonis.com

Varonis Uncovers New Malware Strains and a Mysterious Web Shell During a Monero Crypto Jacking Investigation

The Varonis Security Research team recently investigated an ongoing cryptomining infection that had spread to nearly every device at a mid-size company. Analysis of the collected malware samples revealed a...
www.varonis.com www.varonis.com
 
Last edited:
  • Like
Reactions: Gandalf_The_Grey, upnorth, stefanos and 1 other person
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC
Replies
0
Views
1,047
News Archive
silversurfer
silversurfer
silversurfer
    • Like
    • +Reputation
Malware News New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices
Replies
0
Views
1,010
Security News
silversurfer
silversurfer
silversurfer
    • Like
    • +Reputation
    • Applause
Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data
Replies
0
Views
971
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top