tag—Crypto Miner
Hola Browser for Windows compromised to deliver cryptominerThe Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner.
Hackers exploit RCE flaws in Qinglong task scheduler for cryptominingHackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers' servers.
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto MinersA financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023. "Beyond cryptomining, the threat actor monetizes infections through CPA (Cost Per Action) fraud, directing victims to content locker pages under the guise of software registration," Elastic
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto MinerAn ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails," Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said in a report shared
RondoDox botnet exploits React2Shell flaw to breach Next.js serversThe RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers.
ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto MinersA new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering tactic to deliver information stealers, ransomware, and cryptocurrency miners. The large-scale cybercrime campaign, first detected in August 2025, has been codenamed ShadowCaptcha by the Israel National
New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix AttacksThe ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517% between the second half of 2024 and the first half of this year, according to data from ESET. "The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans, cryptominers, post-exploitation tools, and even
Researchers Find Way to Shut Down Cryptominer Campaigns Using Bad Shares and XMRogueCybersecurity researchers have detailed two novel methods that can be used to disrupt cryptocurrency mining botnets. The methods take advantage of the design of various common mining topologies in order to shut down the mining process, Akamai said in a new report published today. "We developed two techniques by leveraging the mining topologies and pool policies that enable us to reduce a
Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor NetworkMisconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments. "Attackers are exploiting misconfigured Docker APIs to gain access to containerized environments, then using Tor to mask their activities while deploying crypto miners," Trend Micro researchers Sunil Bharti and Shubham Singh said in an
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and ProxywareA financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System (CMS) to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware. The vulnerability in question is CVE-2025-32432, a maximum severity flaw in Craft CMS that was patched in