Welcome back to ‘This Week in Getting Hacked’—the world’s greatest cybersecurity-related link dump! Each week, we bring you the best news stories from the cybersecurity field, letting you know who’s getting hacked, who’s hacking, what data is leaking, and about what you should take with caution. So strap in, change your password, and let’s find out who’s getting hacked this week!
On to the links…
It’s a Cryptocurrency world and we’re all just lowly peons. In this cryptocurrency-heavy TWIGH, let’s start with how cryptocurrency mining malware has dug its claws into over half-a-million PCs. That’s not even the best part. They did it using a NSA exploit. The botnet, named Smominru, is mining Monero cryptocurrency since at least May of 2017.
It’s mined nearly $3.6 million worth of crypto and is using leaked NSA’s RDP protocol exploit, EsteemAudit.
So, not only are GPU prices soaring thanks to these miners, but they don’t even wear cool hats or use canaries. Shame.
Speaking of Botnets, more and more Android devices are being used to serve the botnet. Seldom used port 5555 us being ransacked like any slight-imperfection in Imperial technology Rebel forces always exploit. Oh and they’re being used to mine because of course they are.
Over 5,000 devices are being used and that’s because a developer’s tool called the Android Debug Bridge can let them in. Oh, and that was just in 24 hours.
How it works is that the infection loads an app that’s difficult to locate and that app uses your phone’s processing power to mine cryptocurrency.
Let’s take a break from Crypto and talk about THE BIGGEST LEAK EVER (according to Vice). While I believe that statement is hyperbole, it’s still a major hack because the source code for iBoot, an extremely critical iOS program, was posted on Github for the world to browse.
Apple has obviously used their team of lawyers to get it taken down, but iBoot is responsible for ensuring a trusted boot of your iPhone. You can only imagine the security concerns this brings up, but if you’re using anything newer than iOS 9, you’ll probably be safe. Until people figure out how to implement it into the newest iOS… then we can all panic. For now, let’s just hope some part of any processor you own isn’t mining for crypto for someone else.
Back to crypto news, here’s a headline for you: “Russian nuclear scientists arrested for ‘Bitcoin mining plot.'” Am I living in a comic-universe here? What could possibly have been their plot? Are they using nuclear technology for their plot or is the fact that they’re nuclear scientists irrelevant?
Well, not totally. They were trying to use one of Russia’s most powerful super computers to mine cryptocurrency, but they were caught—NO WAY. Enjoy whatever punishment the Russians got for you.
Well, that’s it for this week. Don’t leave your passwords on sticky notes and while you’re at it, you better go ahead and change them real quick.