Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Microsoft extends Windows 10 security updates on one year with new enrollment options

June 25, 2025

The new visa rule in the US requires from applicants to set privacy in social media for the public

June 24, 2025

Hackers focus on over 70 Microsoft Exchange servers to steal credentials via Keyloggers

June 24, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » Trojanized Mounting Games deploy cryptocurrency miner in a large -scale Starydobry attack
Global Security

Trojanized Mounting Games deploy cryptocurrency miner in a large -scale Starydobry attack

AdminBy AdminFebruary 19, 2025No Comments4 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


February 19, 2025Hacker NewsWindows / malicious software safety

Users who are on the search for popular games have been enlisted in the loading of the trapped installers, which led to the deployment of the miner cryptocurrency on the compromised hosts of Windows.

A large -scale activity has been registered Oldydobry A Russian cybersecurity company Kaspersky, who first discovered it on December 31, 2024. It lasted a month.

The goals of the company include people and enterprises around the world, and the Casperson telemetry reveals higher concentrations of infection in Russia, Brazil, Germany, Belarus and Kazakhstan.

“This approach has helped the subjects threaten the maximum benefit with the miner implant, focusing on powerful playing machines that can maintain mining,” – researchers Tatsyana Shishkov and Cyril Korczi – Note in an analysis published on Tuesday.

Cybersecurity

Miner Cryptocurrency Xmrig uses popular simulators and physical games such as Beamng.drive, Mod Garry, Sphere Dyson, Sandbox Universe and Plutocracy, as attracted to start a complex attack chain.

This provides loading of poisoned installers created by Inno setup On different torrent sites in September 2024, indicating that unidentified threats behind the company carefully planned attacks.

Users who ultimately load these issues are also called “turmoil”, submit an installer screen that calls them to continue the setting process during which the extraction and the drip (“unrar.dll”).

The DLL file continues its execution only after launching a number of checks to determine whether it works in the dehance or from the sand box, demonstration of its very eliminated behavior.

In the future, he interviews different sites such as API.Myip (.) COM, IP-API (.) Com, and IPWHO (.)-Get the IP address of the user and evaluate their location. If at this stage is not possible, the country is in China or Belarus for reasons that are not fully understood.

The next stage entails collecting the fingerprints of the machine, deciphering another executable file (“mtx64.exe”) and writing its contents into a disk file called “Windows.graphics.thumbnailhandler.dll” either in %systemroot %, or in %SYSTEMROOT %\ Sysnative folder.

Based on a legitimate project with an open source called EpubshellextthumbnailhandlerThe MTX64 changes the functionality of Windows Shell miniature for its own enhancement, loading the useful load to the next stage, portable under the name Kickstarter, which then units the encrypted point built into it.

Blob, as in the previous stage, is written on a disk called “Unix.directory.iconhandler.dll” in the%appdata \ roming \ microsoft “

Recently created Dll set up to obtain the final binary stage from the remote server, which is responsible for launching the miner implant, as well as constantly checking the presence of Taskmgr.exe and procmon.exe on the launch process. The artifact stops immediately if you are detected by any of the processes.

Cybersecurity

Shakhtar is a slightly customized version of Xmrig, which uses a predetermined command line to initiate the mining process on machines with processors with 8 or more nuclei.

“If there are less than 8, the miner does not start,” the researchers said. “Moreover, the attacker decided to place the mining -server basin in his infrastructure, not to use the public.”

“Xmrig dismantles the built command line using built -in functionality. The miner also creates a separate topic to check the monitors operating in the system using the same method as the previous stage.”

Starydobry is still unusable, given the lack of indicators that could link it to any famous criminal participants. Given this, the presence of the Russian language in the samples hints at the possibility of a Russian actor.

Found this article interesting? This article is a contribution to one of our esteemed partners. Keep track of us further Youter  and LinkedIn To read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Microsoft extends Windows 10 security updates on one year with new enrollment options

June 25, 2025

The new visa rule in the US requires from applicants to set privacy in social media for the public

June 24, 2025

Hackers focus on over 70 Microsoft Exchange servers to steal credentials via Keyloggers

June 24, 2025

Researchers find a way to close Cryptominer companies using bad stocks and Xmrogue

June 24, 2025

APT28 uses signal chat to expand malicious Beardhell ​​and Testament software in Ukraine

June 24, 2025

Talk CTEM we all need

June 24, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Microsoft extends Windows 10 security updates on one year with new enrollment options

June 25, 2025

The new visa rule in the US requires from applicants to set privacy in social media for the public

June 24, 2025

Hackers focus on over 70 Microsoft Exchange servers to steal credentials via Keyloggers

June 24, 2025

Researchers find a way to close Cryptominer companies using bad stocks and Xmrogue

June 24, 2025

APT28 uses signal chat to expand malicious Beardhell ​​and Testament software in Ukraine

June 24, 2025

Talk CTEM we all need

June 24, 2025

Hackers operate incorrectly configured API Docker to hand over cryptocurrency via Tor Network

June 24, 2025

US House forbids WhatsApp on official security and protection devices

June 24, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Microsoft extends Windows 10 security updates on one year with new enrollment options

June 25, 2025

The new visa rule in the US requires from applicants to set privacy in social media for the public

June 24, 2025

Hackers focus on over 70 Microsoft Exchange servers to steal credentials via Keyloggers

June 24, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.