Detecting highly sophisticated cryptocurrency-mining malware that uses the “west east” technique

Tram Ho

Encrypted malicious code is the next “east-west” attack that hackers are deliberately creating.

Previously, the biggest cryptojacking case was discovered in December 2017, when hackers silently compromised the Wi-Fi network of a Starbucks in Buenos Aires and spread mining code to its visitors. The same exploit tool was even found running in ads on YouTube through Google’s DoubleClick platform, spreading to more than 200,000 devices in Brazil.

As previously reported, hackers have many ways to stealthily install cryptocurrency-mining malware on a user’s computer without the user knowing. The trick is known collectively as cryptojacking: the attacker uses the resources of the user’s own computer to mine cryptocurrency without any permission or consent from the owner.

Cryptojacking code quietly exploits the user’s computer resources for profit.

This time, security experts from Trend Micro confirmed that attackers exploited a security vulnerability in Oracle WebLogic Server to install malware that mines the Monero cryptocurrency (XMR for short), while at the same time hiding the malware in an encrypted form that makes it difficult for security experts to recognize its format.

As soon as Trend Micro published its information, a patch for the Oracle WebLogic Server vulnerability (CVE-2019-2725) was updated; the flaw is reported to be a bug in the process of decoding (deserializing) data.

Trend Micro also cited additional reports from the SANS ISC InfoSec forum that, in fact, the vulnerability had been exploited for a long time and had also been used to mine cryptocurrency on users’ computers. Trend Micro confirmed further information from the forum and analyzed the reports of its members.

“In fact, this type of phishing attack is not new; hackers only use this type of camouflage for anonymous attacks, and you can completely avoid them with secure settings using certificates such as HTTPS,” said Trend Micro.

Trend Micro analyzed further and found that the malware is often delivered through PowerShell to exploit CVE-2019-2725, and then proceeds to mine XMR. The new findings on this type of malicious code from Trend Micro’s experts are as follows:

“As we delve deeper into this new malicious code, we realize that other malicious files continue to be downloaded without the anonymizing format we mentioned earlier. This leads us to suspect that the encrypted malicious code could be the next “pop-up” that hackers are deliberately creating for the purpose of spreading malicious code.

Also in this announcement, Trend Micro found that the unique XMR mining code has “evolved” dramatically, especially in the market for “plowing” virtual money in China this past spring; as you know, China is always a lucrative market with an overwhelming number of computer users, so hackers spread the malicious code there.

Trend Micro also recommends that companies using Oracle WebLogic servers update their security software to the latest version, thereby increasing the server’s level of security and preventing the risk of losing electronic money as well as the enterprise’s computer resources.”

Watch for computer symptoms such as:

– CPU usage is higher than usual.

– The cooling fan is as noisy as when a heavy processing program is running.

– The computer is slow for no apparent reason.

– More RAM is in use than the open applications account for.

If the computer shows these signs, be concerned that your device may be being used by hackers to “serve” them for personal gain or cryptocurrency. Note also that this problem is handled by regularly installing security updates and never turning off automatic updates.
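The first symptom above, persistently high CPU use, can be turned into a repeatable triage check. The following is an added example, not code from the article or from Trend Micro: it takes per-process CPU samples (here a constructed series, sampled once a minute; in practice you would feed in readings from Task Manager, `ps` or a monitoring agent) and flags only processes that stay above a threshold continuously, which separates miner-like load from a build or video encode that finishes.

```python
"""Flag processes whose CPU use stays high for a sustained period.

A miner keeps a core busy around the clock; legitimate bursts (a compile,
an encode) drop back to idle. Sustained load is a triage signal, not proof:
a busy database or render job also shows it, so verify the flagged process.
"""
from collections import defaultdict

SAMPLE_INTERVAL = 60  # seconds between samples (constructed)

# Constructed data: pid -> (process name, CPU % per sample, 10 minutes total).
CONSTRUCTED_CPU = {
    1337: ("updater.exe", [96, 97, 95, 98, 97, 96, 95, 97, 96, 98]),  # steady, miner-like
    2200: ("cl.exe", [90, 92, 88, 91, 5, 3, 0, 0, 0, 0]),            # burst: a build finishing
    900: ("java.exe", [30, 35, 28, 40, 33, 31, 29, 36, 34, 30]),     # ordinary server load
}


def build_samples(cpu_by_pid, interval):
    """Flatten the per-process series into (elapsed_seconds, pid, name, cpu) rows."""
    samples = []
    for pid, (name, series) in cpu_by_pid.items():
        for i, cpu in enumerate(series):
            samples.append((i * interval, pid, name, float(cpu)))
    return samples


def find_sustained_cpu(samples, threshold=80.0, min_seconds=300):
    """Return {pid: (name, longest_run_seconds)} for processes that stayed at or
    above `threshold` percent CPU for at least `min_seconds` without a break."""
    by_pid = defaultdict(list)
    for t, pid, name, cpu in samples:
        by_pid[pid].append((t, name, cpu))
    flagged = {}
    for pid, rows in by_pid.items():
        rows.sort()  # chronological order
        run_start, longest, name = None, 0, rows[0][1]
        for t, name, cpu in rows:
            if cpu >= threshold:
                if run_start is None:
                    run_start = t          # a high-CPU run begins
                longest = max(longest, t - run_start)
            else:
                run_start = None           # the run is broken by an idle sample
        if longest >= min_seconds:
            flagged[pid] = (name, longest)
    return flagged


if __name__ == "__main__":
    for pid, (name, secs) in find_sustained_cpu(build_samples(CONSTRUCTED_CPU, SAMPLE_INTERVAL)).items():
        print(f"pid {pid} ({name}) held high CPU for {secs} s: investigate")
```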

According to Ngoc Pham (Dan Viet)
