• NO Processing Fee, No Diagnosis Fee, NO Data No Charge
04 Dec

Cyber Criminals Are Using YouTube To Install Cryptojacking Malware

Cyber Criminals Are Using YouTube To Install Cryptojacking Malware

 At East African Data Handlers we have discovered that the  Slovakian software security firm Eset  uncovered that cyber criminals  are behind Cryptojacking Malware, the Stantinko botnet which has been distributed as a Monero (XMR) cryptocurrency mining module via Youtube.

We wish to warn the public to be careful. Further research indicate that, On Nov. 26, the major antivirus software supplier Eset reported that the Stantinko botnet operators have expanded their criminal reach from click fraud, ad injection, social network fraud and password stealing attacks, into installing Cryptojacking Malware on victims’ devices using Youtube.

Stantinko botnet has been active since at least 2012

The Stantinko botnet, which has been active since at least 2012 and predominantly targets users in Russia, Ukraine, Belarus and Kazakhstan, reportedly uses YouTube channels to distribute its Cryptojacking Malware module, which mines the privacy-focused crypto coin Monero on the CPUs of unsuspecting victims.

This cryptocurrency-stealing malware has reportedly infected around 500,000 devices, and is similar to the recently discovered malicious malware, Dexphot, malware discovered by Microsoft that has already infected more than 80,000 computers.

These crypto-hijacking codes steal processing resources, take over legitimate system processes and disguise the nefarious activity with the ultimate goal of running a crypto miner on the infected devices.

Eset informed YouTube, which reportedly responded by removing all the channels that contained traces of Stantinko’s code.

Malware on Monero’s official website was stealing crypto

In November, Monero’s core development team said that the software available for download on Monero’s official website might have been compromised to steal cryptocurrency. A professional investigator going by the name of Serhack confirmed that the software distributed after the server was compromised was indeed malicious:

“I can confirm that the malicious binary is stealing coins. Roughly 9 hours after I ran the binary a single transaction drained the wallet. I downloaded the build yesterday around 6pm Pacific time.”

 Be warned of this trend that  is now slowly coming to Africa. 

Courtesy of https://cointelegraph.com/

NEED HELP?

We are proud to provide you with full Data Recovery Service and Malware investigation services coverage to any part of Kenya; NairobiMombasaKisumu, Eldoret. Data Loss is only temporary and we prove it every day with the highest Hard Drive Recovery Success rate in Kenya. We Recover Data in Kenya from the Following Devices; Hard DrivesLaptopsDesktopsRaid SystemsRAID / NAS / SAN , ServersMemory Cards, Flash Drives, DatabasesSSD Drives etc

East African Data Handlers ltd no data – no charge policy means you owe us nothing if we are unable to recover your critical files.

Contact us now

If you’ve lost valuable, irreplaceable data — We can save it! Call us now at 0711 051 000 or visit our offices Chiromo Court 3rd Floor Westlands

Share this
08 May

Surge of MegaCortex Ransomware attacks detected

Surge of MegaCortex Ransomware attacks detected

A new strain named MegaCortex.

A cyber-security firm in the UK has reported detecting a spike in ransomware attacks at the end of last week from a new strain named MegaCortex. The firm said the MegaCortex ransomware appears to have been designed to target large enterprise networks as part of carefully planned targeted intrusions – a tactic that is known as “big-game hunting.” The modus operandi is not new and has been the preferred method of delivering ransomware for almost half a year.

MegaCortex now joins an ever-growing list of ransomware strains that cyber-criminal groups are using only in targeted attacks, rather than with spam or other mass deployment techniques. The list includes some recognizable names, such as Ryuk, Bitpaymer, Dharma, SamSam, LockerGoga, and Matrix.

SUDDEN RISE OF ATTACKS THIS MONTH.

According to a report released late Friday night 3rd May 2019, MegaCortex was first spotted back in late January, when someone uploaded a sample on malware scanning service VirusTotal.

Since then, the number of attacks has been growing, but they spiked mid last week when the firm says it detected 47 attacks – accounting for two-thirds of all the 76 MegaCortex attacks the company has seen all year.

The firm says it blocked the attacks it detected, which originated from enterprise networks located in the United States, Canada, the Netherlands, Ireland, Italy, and France. However, other megacortex attacks might have occurred in other places where the UK antivirus vendor had no coverage.

 

 

Share this

© 2015  East African Data Handlers. All rights reserved.