GitHub is being used by cybercriminals to mine cryptocurrency, police have detained a hacker whose death was staged, and a new ransomware variant targets security experts. The news digest for today on cybersecurity technology will cover all of that.
Making Use Of Github To Mine Crypto
GitHub is the physical home of a big crypto mining business, but how well does that operate?
- Cybercriminals adore a feature on GitHub that lets developers create temporary virtual machines on the company's servers to automate processes like code compilation and testing. However, because these temporary virtual machines run on standard virtual machines, they can be used for almost anything, including cryptocurrency mining. As soon as GitHub added 2000 minutes of this computing power per month to their free tier, cybercriminals flocked to it like a moth to a lamp.
- Only the capture remains in their path at this point, although many captures, including GitHub, offer a method for the blind that entails listening to some audio and inputting the numbers. With the aid of a speech-to-text AI, Purple Urchin gets over this obstacle and then has another bot. Of course, the entire procedure is scripted so they don't have to do anything.
- Disregard superior execution GPUs; these things run on only two central processor centers, so mining is unbelievably sluggish, and that implies Miss screens should be imaginative, and in this most recent mission uncovered by scientists, this implies that the gathering behind it, which the specialists are calling "purple imp" for reasons unknown, is mass making a large number of bot accounts on GitHub as well as on different stages that offer a complementary plan of a comparative help, and the manner in which purple imp mass makes.
- Purple Urchin now has a formidable army thanks to thousands of bots, but what is the ultimate objective? I understand that may seem like a silly question. Even if they are physically printing money while mining cryptocurrency, the devil is in the details. They're mining coins with extremely low-profit margins; I think the technical name is "coins" for these. So, let's presume this operation is only a test or a prelude to a broader campaign where they might mine a cryptocurrency like Monero. How much money could they possibly make mining Monero on GitHub, this is where things start to get a little absurd because they have to mine each Monero individually?
- Because mining in a VM using only a few CPU cores is so wasteful, it would cost GitHub over $100,000 to implement these VMS. However, because the energy bill isn't being paid for by the purple urchins, why should they care? a substitute Theoretically, the reason they are focusing on these low-value coins is that their underlying blockchains are simpler to attack. For example, in the crypto world, if you have control over 51% of the network's hash rate, you can take over the entire network and validate arbitrary transactions, potentially stealing millions of dollars.
- Regardless of their intentions, the purple urchin's campaign disappeared after the researchers released their findings. This is considerably easier to execute on smaller, less significant currencies. The usage of cloud services for crypto mining is still a major issue for platforms. One such platform, Heroku, has declared that it would cease operations because its security teams are expending a tremendous amount of work to control fraud and abuse of its free product plans. Learn more information
The Death of the Hacker Was Staged
- After his cybercriminal friends appear to have staged his demise, the infamous malware raccoon stealer accused operator has been detained, but let's take a step back. The first instance of Raccoon Stealer, which uses malware as a service, was in 2019. The trend in the sense that the creators, rather than utilizing it themselves, rented it out to other online criminals on a subscription basis for $200 per month. Customers receive a web portal where they may manage the PCs and create personalized versions of Raccoon Stealer.
- Because a raccoon stealer is basically an information thief—after infecting a PC, it will exfiltrate saved passwords, credit cards, cryptocurrency wallets, and so on—they have infected and, more crucially, retrieved stolen credentials. Unfortunately, this malware is incredibly newbie friendly because users don't have to worry about running their own servers or creating their own malware, and it can steal data from around 60 programs.
- When they abruptly announced that they had to close their raccoon stealer project because members of their team had been killed as a result of the Special Operation, which was a reference to the war on Ukraine, and that some of their servers had already stopped responding, the party was abruptly ended. However, it now appears that this was all a lie.
- He is thought to have been a key developer for the Pittsburgh Steelers who escaped the conflict rather than perish. There is now a ban on men leaving Ukraine, so his plan was to bribe border guards there to let him out. He was later captured on camera driving his Porsche across the border from Poland into Germany. I'm curious how he came up with that much cash. Eventually, he made it to Amsterdam with someone who I'm going to assume is his girlfriend and who recorded their emigration.
- And is currently being sought for extradition to the US on charges that carry a maximum 20-year sentence; yet, one point remains unanswered: how did US authorities, in this case, the FBI, discover the man's genuine identity? Although there is no explanation in the court filings, it appears that our miscreants made one little but catastrophic opsec error early in their cybercrime careers thanks to Anonymous sources who alerted a well-known cyber security site.
- And then everything fell apart; the feds accessed it and found a tonne of incriminating evidence, including this picture. At that point, they were probably just waiting for a chance to apprehend him, and his trip to Amsterdam gave them the justification they needed to do so after his raccoon thief team members faked his demise.
- As soon as they said they were shutting down, they quickly changed their minds, saying they were going offline to rework some code and to expect them back in a few months. They even doubled down on the fake death of their team member, saying they will continue to work in his honor. I can't imagine admitting one of your main guys has been arrested and one of your servers has been seized by the FBI would be very good for business.
Security Researchers' Work Is Framed by Ransomware
.webp "Mining Crypto on Github")
A bizarre new type of ransomware has emerged, and its main objective is to blame security experts. Strangely, victims have started discovering that their files are encrypted and contain the Azov file extension. There is a ransom note hidden within. You'd be excused for believing that this is just standard ransomware carried out by some online criminal looking to extort people out of a few hundred Monero, but that's not quite the case. "Hello, my name is Asha Razad, a Polish security specialist, and to recover your files contact us on Twitter," reads the first line of the note.
Numerous well-known cyber security researchers with nothing to do with this ransomware have claimed on their Twitter accounts that victims have already started approaching them for help in restoring files. This is definitely false information that was either made with the intent to harm these researchers by an unidentified third party having a grudge against them or was done for twisted entertainment. The remainder of the ransom note discusses the conflict in Ukraine and claims that the intention behind it is to draw attention to the issue. Although it is written from a pro-Ukrainian viewpoint, it appears to be just a poorly written bogus excuse for disseminating this ransomware. There have been reports of Ukrainian organizations, after all.
Being infected with this, the note ends with the hashtag Taiwan is China, which just doesn't make sense, but I suppose the note really doesn't need to.
There is no phishing effort, and no vulnerabilities are being exploited because this virus is not disseminated via a sophisticated technique. Instead, the criminals behind this have been using the low-effort method of simply purchasing installs on hacking forums. By this, I mean that they have been paying botnet owners to run this malware on a number of their bots, which is much cheaper than you'd expect since botnet owners typically charge just 10 cents per install. As a result, armed with a few hundred dollars, they have been purchasing installs on hacking forums. On thousands of computers, someone might possibly wreak havoc.
Capacitor
The website octopart.com, which I've been using for the past few years in my electronics business, allowed me to publish this article. In terms of component sourcing, Octopart.com is like your Swiss Army knife. It makes it simple to monitor component stock levels in real-time across a variety of distributors, which is crucial given the current component supply scenario.
When necessary, you can also quickly get data sheets and CAD models for components. The best aspect is that Octopart is fully integrated into Altium 365 and is entirely free to use.
