Kingminer Botnet Keeps up with the Times
July 08, 2020
The e-currency boom in late 2017 sparked a new type of “gold rush”, as cyber-criminals started racing to infect home computers and data centers with crypto-miners.
While digital currencies have fluctuated wildly since late 2017, cyber-criminals are still making money and investing in the development of mining malware. Such is the case with Kingminer, a piece of crypto-jacking malware that has been around since early 2018.
Kingminer has drawn its share of scrutiny, as it has been thoroughly researched by the cyber-security community. Recently, though, Bitdefender researchers picked up an attack involving several new sophisticated techniques, tactics and procedures to deliver malicious payloads.
This new whitepaper on Kingminer focuses on novel techniques such as:
- Initial access from SQL Server processes by brute-forcing accounts
- Initial execution from a kernel exploit, e.g., EternalBlue, the technique used by WannaCry
- DGA (Domain Generation Algorithm) for evading blacklists
- Use of tools like Mimikatz and PowerSploit
- File-less execution of the bot
- Various payloads delivered from the attacker’s server (XMRig, Kingminer)
tags
Author
I'm a senior software engineer at Bitdefender. Passionate about malware behavior analysis, I am continuously looking for new tricks employed by malicious actors.
View all postsRight now Top posts
Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware
June 08, 2023
Vulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series
May 02, 2023
EyeSpy - Iranian Spyware Delivered in VPN Installers
January 11, 2023
Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor
January 05, 2023
FOLLOW US ON SOCIAL MEDIA
You might also like
Bookmarks
