UNCONFIGURED REDIS DBMS EXPOSE THOUSANDS OF SERVERS TO MINING TROJANS

Though banned in many countries, virtual and digital cryptocurrencies have caught many investors’ eyes in the last few days. There is no doubt on this fact that these currencies are not meant for short term profits but its long-term profits are much more valuable than investing in some future goal funds. Thus, for some who already know about it and have invested a lot by taking risks, this investment has turned out to be an ace of spades that has made huge profits for them.

Cryptocurrencies are one of the major sources of anonymity by hackers. If we go into the deep web- a world that is now used for illegal tasks rather than providing privacy, we will find that almost every transaction takes place through cryptocurrencies. Moreover, some past reports also claim that there is a massive increase in crime rates in the dark world after the introduction of cryptocurrencies. Both of these arguments clearly justify how cryptocurrencies helped threat actors in increasing their scopes while committing crimes. Therefore, we can say that mining cryptocurrencies are the utmost thirst that hackers crave for and they always look to expand their resources for mining.

While hackers were busy fulfilling their needs, security researchers from Tencent Security Team have found a swarm of troops carrying high-risk vulnerability exploits, and weak password blasters to seize the cloud host for mining cryptocurrencies. After exploiting the vulnerable point in the remote server, they download the mining trojan scripts SupermanMiner written in Golang to start mining from the target server. Let’s explore their whole mechanism.

To continue reading, click here.

Debuggers covering infosec news,cyber security tutorials, data breaches, malware, threat analysis, ethical hacking, bugs, vulnerabilities and much more.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ethical Debuggers

Debuggers covering infosec news,cyber security tutorials, data breaches, malware, threat analysis, ethical hacking, bugs, vulnerabilities and much more.