Bitcoin Forum
November 13, 2024, 07:26:59 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Hackers exploit critical VMware flaw to drop ransomware & miners  (Read 88 times)
PawGo (OP)
Legendary
*
Offline Offline

Activity: 952
Merit: 1385


View Profile
October 24, 2022, 09:16:21 AM
Merited by vapourminer (2), NeuroticFish (2)
 #1

Anyone using VMware Workspace ONE Access? Check if you use a patched version (CVE-2022-22954). Otherwise, maybe you mine Monero for someone.

Researchers at cybersecurity company Fortinet noticed in the newest campaigns that the threat actors deployed the Mira botnet for distributed denial-of-service (DDoS) attacks, the GuardMiner cryptocurrency miner, and the RAR1Ransom tool.
One interesting case is a pair of Bash and PowerShell scripts targeting Linux and Windows systems. The scripts fetch a list of files to launch on the compromised machine.
The PowerShell script ("init.ps1") downloads the following files from a Cloudflare IPFS gateway:
phpupdate.exe: Xmrig Monero mining software
config.json: Configuration file for mining pools
networkmanager.exe: Executable used to scan and spread infection
phpguard.exe: Executable used for guardian Xmrig miner to keep running
clean.bat: Script file to remove other cryptominers on the compromised host

More details: https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-vmware-flaw-to-drop-ransomware-miners/
NeuroticFish
Legendary
*
Offline Offline

Activity: 3864
Merit: 6585


Looking for campaign manager? Contact icopress!


View Profile
October 24, 2022, 10:17:41 AM
 #2

I did quick research and it looks like it's enterprise/company software. I doubt anyone use this software, unless it's used by company where they work.

I've used in the past some VMWare enterprise solution for working from home, but that was years ago and I don't remember whether it was Workspace ONE or not.
So it's reasonable to think that there may be bitcoiners affected by the exploit.

On the other hand, it was advised many times that one should keep at hand an app that shows how much CPU is being used and check that now and then, to avoid surprises.
Thanks for the info, OP.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!