Since December 2019, cyber criminals have infected more than 1,000 corporate computer systems with Blue Mockingbird malware. The global spread of this Monero mining malware was reported by the cloud security company Red Canary on May 26.
According to the report, the Monero mining malware targets servers running ASP.NET applications and installs a web shell on the compromised system. This in turn gives the malware administrator-level access, which it uses to change the server settings.
Furthermore, the attackers install the XMRig application to exploit the resources of the hacked system. According to Red Canary, the majority of the affected computer systems are owned by big corporations, but the cloud security firm did not reveal their names.
Remote Desktop Protocol’s weaknesses exploited by Monero mining malware
The cybercriminals exploited weaknesses in the Remote Desktop Protocol of the Windows operating system to gain access to the computer systems. The report notes that although the attacks happened within a short period of time, it is hard to evaluate the total number of attacks. Indeed, this approach has been used before in the recent Trojan ransomware attacks.
Additionally, Red Canary has cautioned firms that have not yet been infected that they are at a higher risk of their systems being breached by the Monero mining malware. According to a threat analyst at the Emsisoft malware lab:
“Cybercriminals specifically seek out weaknesses in the internet-facing systems and, when found, exploit them. Companies can significantly reduce their risk factor by following well-established best practices such as timely patching, using MFA, disabling PowerShell when not needed, etc.”
Rise in ransomware attacks
The use of the XMRig app for illegal mining of cryptocurrencies has been a common practice among various groups of hackers. Back in 2019, the cybersecurity companies Symantec and BlackBerry Cylance warned that the XMRig app was being spread through music files.
Furthermore, in November of the same year, malware attacked vulnerable Docker instances to install the crypto-jacking software.