Mining in Plain Sight: The VS Code Extension Cryptojacking Campaign

A sophisticated cryptomining campaign has been discovered targeting developers through seemingly legitimate VS Code extensions. The campaign, potentially reaching over one million installations, involves fake extensions published by three different authors. These extensions secretly download a PowerShell script that disables Windows security, establishes persistence, and installs an XMRig cryptominer. The most successful fake extension gained 189K installs. The attackers created a multi-stage attack, even installing legitimate extensions they impersonated to avoid suspicion. The campaign published ten different malicious extensions, with the top three showing unusually high install counts, suggesting artificial inflation. The extensions share identical code and communicate with the same C2 server. The PowerShell script sets up persistence mechanisms, disables Windows security services, and attempts privilege escalation.

Pulse ID: 67f4ffb4bf1e842db102d8bd
Pulse Link: https://otx.alienvault.com/pulse/67f4ffb4bf1e842db102d8bd
Pulse Author: AlienVault
Created: 2025-04-08 10:51:32

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Tom’s Hardware: Bitcoin miners front-running tariffs by scrambling to ship thousands of machines before penalties hit. “Luxor Technology, a Bitcoin mining software and services company building machines in Thailand, is in a quandary: It needs to ship 5,600 units before the tariffs hit. Lauren Lin, Head of Technology at Luxor, told Bloomberg that they’re considering chartering a flight to […]

https://rbfirehose.com/2025/04/05/toms-hardware-bitcoin-miners-front-running-tariffs-by-scrambling-to-ship-thousands-of-machines-before-penalties-hit/

#cryptocurrency #cryptomining #tariffs

https://www.tomshardware.com/tech-industry/cryptomining/bitcoin-miners-front-running-tariffs-by-scrambling-to-ship-thousands-of-machines-before-penalties-hit

Bitcoin miners front-running tariffs by scrambling to ship thousands of machines before penalties hit - Before tariffs apply, bitcoin mining hardware manufacturers... - https://www.tomshardware.com/tech-industry/cryptomining/bitcoin-miners-front-running-tariffs-by-scrambling-to-ship-thousands-of-machines-before-penalties-hit #cryptocurrency #cryptomining #techindustry

Trump Brothers Help Launch Crypto-Mining Venture https://www.byteseu.com/881563/ #bitcoin #BitcoinMining #blockchain #Crypto #CryptoMining #Cryptocurrencies #CryptoCurrency #DigitalAssets #DonaldTrump #DonaldTrumpJr. #EricTrump #Hut8 #News #partnerships #PYMNTSNews #What'sHot

BBC: Bitcoin in the bush – the crypto mine in remote Zambia. “Water and electronic equipment don’t usually mix well but it’s precisely the proximity to the river that’s drawn bitcoiners here. Philip [Walton]’s mine is plugged directly into a hydro-electric power plant that channels some of the Zambezi’s torrent through enormous turbines to generate continuous, clean electricity. More […]

https://rbfirehose.com/2025/03/28/bbc-bitcoin-in-the-bush-the-crypto-mine-in-remote-zambia/

#Africa #Zambia #cryptocurrency #cryptomining

"Water and electronic equipment don't usually mix well but it's precisely the proximity to the river that's drawn bitcoiners here. Philip [Walton]'s mine is plugged directly into a hydro-electric power plant that channels some of the Zambezi's torrent through enormous turbines to generate continuous, clean electricity. More importantly for bitcoin mining - it's cheap."

https://www.bbc.com/news/articles/cly4xe373p4o

Wind power, waterfowl and crypto: The energy and environment bills to watch at the state Capitol https://www.byteseu.com/870609/ #AaronPilkington #BryanKing #cryptomining #DataCenters #environment #Gov.SarahHuckabeeSanders #JonathanDismang #NewBills #News #StateLegislature #TheBuffaloRiver

Pi Network cryptocurrency crashes 55%: Pi Coin price falls below $1.5 as KYC deadline looms—Can Binance listing help? https://www.byteseu.com/820997/ #Crypto #CryptoAlerts #CryptoMining #CryptoTrading #CryptoCurrency #CryptocurrencyPiNetwork #PiCoin #PiCoinKyc #PiCoinKycLastDate #PiCoinPrice #PiNetwork #PiNetworkPrice

New partnership to bring #nuclear technology to a #CryptoMining plant in #NorthTonawanda

Story by Prabhat Ranjan Mishra, January 8, 2025

"A new collaboration between the two companies could bring nuclear technology to a crypto-mining plant in North Tonawanda.

The memorandum of understanding signed between Digihost and #NANONuclear in December is aimed at bringing nuclear reactor technology to the #Digihost’s current crypto mining plant in #ErieAvenue."

Read more:
https://www.msn.com/en-us/technology/tech-companies/new-partnership-to-bring-nuclear-technology-to-a-crypto-mining-plant-in-north-tonawanda/ar-AA1xbZub
#NoNukesForAI #CryptoCurrency #NoNukes #NuclearWaste #Terminator #NewYorkState

Is crypto mining still a thing? #cryptocurrency #CryptoMining

Yearlong supply-chain attack targeting security pros steals 390K credentials - A sophisticated and ongoing supply-chain attack operating for the past yea... - https://arstechnica.com/security/2024/12/yearlong-supply-chain-attack-targeting-security-pros-steals-390k-credentials/ #supplychainattacks #credentialtheft #cryptomining #security #biz⁢ #github #npm

“CP3O” pleads guilty to multi-million dollar cryptomining scheme – Source: www.bitdefender.com https://ciso2ciso.com/cp3o-pleads-guilty-to-multi-million-dollar-cryptomining-scheme-source-www-bitdefender-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #grahamcluleycom #cryptocurrency #cryptomining #Grahamcluley #Guestblog #Lawℴ #Microsoft #Amazon

“CP3O” pleads guilty to multi-million dollar cryptomining scheme https://www.bitdefender.com/en-us/blog/hotforsecurity/cp3o-pleads-guilty-to-multi-million-dollar-cryptomining-scheme #cryptocurrency #cryptomining #Guestblog #Lawℴ #Microsoft #Amazon

“CP3O” pleads guilty to multi-million dollar cryptomining scheme - A man faces up to 20 years in prison after pleading guilty to charges related to an illeg... https://www.bitdefender.com/en-us/blog/hotforsecurity/cp3o-pleads-guilty-to-multi-million-dollar-cryptomining-scheme #cryptocurrency #cryptomining #guestblog #lawℴ #microsoft #amazon

An unknown attacker is abusing exposed Docker Remote API servers to deploy perfctl #cryptomining #malware on victims' systems

https://go.theregister.com/feed/www.theregister.com/2024/10/24/perfctl_malware_strikes_again/

New Crypto Trojan.AutoIt.1443 Hits 28,000 Users via Game Cheats, Office Tool https://hackread.com/trojan-autoit-1443-hits-users-game-cheats-office-tool/ #TrojanAutoIt1443 #Cryptocurrency #Cybersecurity #Cryptomining #CyberAttack #Security #security #Malware #Scam

SIEM agent being used in SilentCryptoMiner attacks

A global malware campaign targeting mainly Russian-speaking users has been distributing cryptocurrency mining malware through fake software download sites, Telegram channels, and YouTube videos. The multi-stage infection chain uses unusual techniques for persistence and evasion, including hiding malicious payloads in legitimate file signatures and abusing the Wazuh SIEM agent as a backdoor. The final payload injects the SilentCryptoMiner into explorer.exe to mine cryptocurrencies like Monero. The attackers use SEO poisoning, social engineering, and multiple persistence mechanisms to maintain access. While primarily focused on cryptomining, some variants can also steal cryptocurrency wallet addresses and take screenshots.

Pulse ID: 6703a4b33a02dffbd52f2427
Pulse Link: https://otx.alienvault.com/pulse/6703a4b33a02dffbd52f2427
Pulse Author: AlienVault
Created: 2024-10-07 09:06:59

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

New #Perfctl #Malware targets #Linux servers in #cryptomining campaign
https://securityaffairs.com/169351/malware/perfctl-malware-targets-misconfigured-linux-servers.html
#securityaffairs #hacking

Selenium Grid Targeted for #CryptoMining!

Default no-auth settings make it a prime target for attackers injecting crypto miners and proxyjacking scripts.

https://thehackernews.com/2024/09/exposed-selenium-grid-servers-targeted.html

Lock it down now!