
SIEM agent being used in SilentCryptoMiner attacks

Published 07/10/2024 09:06 · Modified 07/10/2024 09:33


Essential information

Published
07/10/2024 09:06
Modified
07/10/2024 09:33
Tags
2024-10-07 autoit cryptomining defense evasion persistence seo poisoning siem silentcryptominer
Related entities
8 observables, 14 techniques (mitre), 1 malware, 9 others

Description

A global malware campaign targeting mainly Russian-speaking users has been distributing cryptocurrency mining malware through fake software download sites, Telegram channels, and YouTube videos. The multi-stage infection chain uses unusual techniques for persistence and defense evasion, including hiding malicious payloads in legitimate file signatures and abusing the Wazuh agent as a backdoor. The final payload injects the miner into explorer.exe to mine cryptocurrencies such as Monero. The attackers use SEO poisoning, social engineering, and multiple persistence mechanisms to maintain access. While primarily focused on cryptomining, some variants can also steal cryptocurrency wallet addresses and take screenshots.

External references