tag—Cryptojacking
GPU mining malware spreads via SEO poisoning, AI chatbotsThreat actors are targeting systems with high-performance computers in an ongoing cryptojacking campaign spread through a coordinated SEO poisoning operation that also manipulated AI chatbot recommendations.
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware SitesMicrosoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging delivery technique extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations," Microsoft Defender Experts and the Microsoft
Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic BombCybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. "Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated, multi-stage infection prioritizing maximum cryptocurrency mining hashrate, often destabilizing the victim
TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIsCybersecurity researchers have discovered a variant of a recently disclosed campaign that abuses the TOR network for cryptojacking attacks targeting exposed Docker APIs. Akamai, which discovered the latest activity last month, said it's designed to block other actors from accessing the Docker API from the internet. The findings build on a prior report from Trend Micro in late June 2025, which
Nebraska man gets 1 year in prison for $3.5M cryptojacking schemeA Nebraska man was sentenced to one year in prison for defrauding cloud computing providers of over $3.5 million to mine cryptocurrency worth nearly $1 million.
3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket TacticsA new attack campaign has compromised more than 3,500 websites worldwide with JavaScript cryptocurrency miners, marking the return of browser-based cryptojacking attacks once popularized by the likes of CoinHive. Although the service has since shuttered after browser makers took steps to ban miner-related apps and add-ons, researchers from the c/side said they found evidence of a stealthy
Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHubCybersecurity researchers have discovered a new cryptojacking campaign that's targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies. Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations and
Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration AbuseCybersecurity researchers are calling attention to a new Linux cryptojacking campaign that's targeting publicly accessible Redis servers. The malicious activity has been codenamed RedisRaider by Datadog Security Labs. "RedisRaider aggressively scans randomized portions of the IPv4 space and uses legitimate Redis configuration commands to execute malicious cron jobs on vulnerable systems,"
Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat SignalsCybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine cryptocurrency. The activity cluster, per Darktrace and Cado Security, represents a shift from other cryptojacking campaigns that directly deploy miners like XMRig to illicitly profit off the compute resources. This involves deploying a malware strain
Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux ServersCybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that's known for targeting SSH servers with weak credentials. "Outlaw is a Linux malware that relies on SSH brute-force attacks, cryptocurrency mining, and worm-like propagation to infect and maintain control over systems," Elastic Security Labs said in a new analysis