silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,274
A threat actor been spotted on a number of honeypots looking to download and execute malicious cryptomining malware.
Researchers are warning of a Chinese-language threat actor leveraging a wide array of Git repositories to infect vulnerable systems with Monero-based cryptomining malware.
Researchers at Cisco Talos, who discovered the threat actor they call “Rocke”, said they have been tracking the adversary since April as it continues to plant various Monero miners on vulnerable systems. Rocke’s hallmark is the enlisting of toolkits that leverage Git repositories, HTTP File Servers (HFS) and a myriad of different payloads. The name Rocke was derived the the group’s Monero wallet that includes “rocke@live.cn”.
“Rocke will continue to leverage Git repositories to download and execute illicit mining onto victim machines,” the research team said in a post Thursday. “It is interesting to note that they are expanding their toolset to include browser-based miners, difficult-to-detect trojans, and the Cobalt Strike malware.”
Full Report: New Threat Actor 'Rocke': A Rising Monero Cryptomining Menace
Researchers are warning of a Chinese-language threat actor leveraging a wide array of Git repositories to infect vulnerable systems with Monero-based cryptomining malware.
Researchers at Cisco Talos, who discovered the threat actor they call “Rocke”, said they have been tracking the adversary since April as it continues to plant various Monero miners on vulnerable systems. Rocke’s hallmark is the enlisting of toolkits that leverage Git repositories, HTTP File Servers (HFS) and a myriad of different payloads. The name Rocke was derived the the group’s Monero wallet that includes “rocke@live.cn”.
“Rocke will continue to leverage Git repositories to download and execute illicit mining onto victim machines,” the research team said in a post Thursday. “It is interesting to note that they are expanding their toolset to include browser-based miners, difficult-to-detect trojans, and the Cobalt Strike malware.”
Full Report: New Threat Actor 'Rocke': A Rising Monero Cryptomining Menace
