Hola Browser Compromised to Deliver Cryptominer in Supply Chain Attack

Hola's CEO, Avi Raz Cohen, assured users that the company has taken swift action to prevent future breaches, rebuilding its distribution pipeline and implementing robust security measures. The move comes after a supply chain attack compromised the Hola Browser, secretly delivering a cryptominer to unsuspecting users.

https://osintsights.com/hola-browser-compromised-to-deliver-cryptominer-in-supply-chain-attack?utm_source=mastodon&utm_medium=social

#SupplyChainAttack #Cryptominer #HolaBrowser #MalwareOperations #EmergingThreats

Hola Browser Compromised to Deliver Cryptominer in Supply Chain Attack

Learn how Hola Browser was compromised to deliver cryptominer malware and what measures were taken to prevent future attacks - read the full incident report now.

OSINTSights

Fake Update Campaign on Pirated Streaming Sites Delivers Silent CryptoMiner and RAT

Hackers are running a stealthy malware campaign targeting users visiting pirated movie and TV show streaming sites. Visitors will be prompted to update their video player plugin to download an archive consisting of an executable file and a DLL file.

Pulse ID: 6a1f0902c202168f0b38b99d
Pulse Link: https://otx.alienvault.com/pulse/6a1f0902c202168f0b38b99d
Pulse Author: cryptocti
Created: 2026-06-02 16:46:58

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CryptoMiner #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #RAT #bot #cryptocti

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw

Threat actors are actively exploiting AI distribution platforms like Hugging Face and ClawHub to deliver malware by embedding malicious code within models, datasets, and agent extensions. Over 575 malicious skills across 13 developer accounts were identified in the OpenClaw ecosystem, targeting Windows and macOS with trojans, cryptominers, and AMOS stealer. Attackers abuse trust relationships between users and AI platforms through indirect prompt injection, where hidden instructions cause AI agents to execute malicious actions on behalf of users. Trojanized skills masquerade as legitimate tools while instructing users to execute encoded commands or install hidden malicious dependencies. On Hugging Face, repositories host payloads within multistep infection chains disguised as legitimate applications. These campaigns employ social engineering, obfuscation, encryption, in-memory execution, process injection, and persistence techniques to evade detection while establishing covert command-and-control communica...

Pulse ID: 6a01c2363e7f67fcbed473cb
Pulse Link: https://otx.alienvault.com/pulse/6a01c2363e7f67fcbed473cb
Pulse Author: AlienVault
Created: 2026-05-11 11:49:10

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AMOS #CryptoMiner #CyberSecurity #Encryption #HuggingFace #InfoSec #Mac #MacOS #Malware #OTX #OpenThreatExchange #Rust #SocialEngineering #SupplyChain #Trojan #Windows #bot #AlienVault

PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale

PCPJack is a sophisticated credential theft framework that propagates across exposed cloud infrastructure while systematically removing artifacts linked to TeamPCP, a threat actor behind notable 2026 supply chain compromises. The toolset harvests credentials from cloud platforms, containers, developer tools, productivity applications, and financial services, exfiltrating data through attacker-controlled infrastructure. It targets exposed Docker, Kubernetes, Redis, MongoDB, RayML services and vulnerable web applications, enabling external propagation and lateral movement. Unlike typical cloud malware, PCPJack deploys no cryptominers, focusing instead on credential theft for monetization through fraud, spam campaigns, extortion, or access resale. The framework uses modular Python scripts orchestrated by a central component, employs Common Crawl data for target selection, and utilizes Telegram for command and control communications.

Pulse ID: 69fd0520d3687243cca2f973
Pulse Link: https://otx.alienvault.com/pulse/69fd0520d3687243cca2f973
Pulse Author: AlienVault
Created: 2026-05-07 21:33:20

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CryptoMiner #CyberSecurity #Docker #Extortion #InfoSec #Malware #OTX #OpenThreatExchange #Python #RAT #Redis #Spam #SupplyChain #Telegram #Troll #Worm #bot #AlienVault

Watch out as new .NET AOT malware hides its code as a black box, making detection far harder while delivering Rhadamanthys infostealer and crypto miner.

Read: https://hackread.com/net-aot-malware-code-black-box-evade-detection/

#CyberSecurity #Rhadamanthys #InfoStealer #CryptoMiner

New .NET AOT Malware Hides Code as a Black Box to Evade Detection

Researchers at Howler Cell have discovered a new .NET AOT malware campaign that uses a clever scoring system to bypass security tools and steal your data.

Hackread - Cybersecurity News, Data Breaches, AI and More

I had a chance last week to chat with Benjamin Read of #Wiz. Last month, Read and other members of his team published a deep dive into the #React2Shell (CVE-2025-55182) vulnerability, and I was curious to see what has been hitting my honeypot, so I took a closer look.

This is doing some weird stuff, friends.

As is normally the case with exploits targeting internet-facing devices, once the exploit becomes known, it ends up in the automated scanners used by threat actors and security researchers. What I've seen over the past week is a combination of both.

In just a few hours of operation, I identified a small number of source IP addresses exploiting React2Shell by pointing the vulnerable system at URLs hosting BASH scripts. These scripts are really familiar to anyone who routinely looks at honeypot data - they contain a series of commands that pull down and execute malicious payloads.

And as I've seen in the past, some of these payloads use racially inflammatory language in their malware. It's weird and gross, but unfortunately, really common.

But while most of these payloads were "the usual suspects" - remote shells, cryptocurrency miners - there was one payload that stuck out.

It's an exploit file, based on this proof-of-concept [https://github.com/iotwar/FIVEM-POC/blob/main/fivem-poc.py] designed to DDoS a modded server running "FiveM," a popular version of the game Grand Theft Auto V.

Let that one sink in: among the earliest adopters of a brand new exploit are...people trying to mess with other people's online game servers.

I've long said that exploits like these are the canaries in the datacenter coal mine. After all, if an attacker can force your server to run a cryptominer (or a game DDoS tool), they can force it to run far more malicious code.

I guess someone, or a group of someones, just want to ruin everyone's good time, no matter how or what form that takes. And they'll do it in the most offensive way possible.

Anyway, patch your servers, please, if only to stick it to these people who want to be the reason we can't have nice things.

#PoC #exploit #CVE_2025_55182 #DDoS #FiveM #REACT #Bash #cryptominer #malware

My VPS keeps getting infected with a cryptominer right after I reinstall Ubuntu 24.04. Bots brute-force the root password in the window between first boot and running the hardening script with Ansible. Symptoms: CPU at 100%, a suspicious process (XMRig), and system logs wiped. Questions: Is a 50-character password strong enough? How do I lock down the server during the installation phase? #securitytips #cryptomining #Ubuntu #VPS

Tags: #VPSan ninh #cryptominer #Ubuntu2404 #Ansible #BruteForce #Kinhnghiệmthựctế #Hethongdichvu

Crypto Miner in hotio/qbittorrent

Short investigation into a stealth crypto miner running in a qbittorrent container

A Linux cryptominer has been quietly spreading malware for years by hijacking legit websites with SSL certs.

🔗 https://hackread.com/linux-cryptominer-using-legit-sites-to-spread-malware/

#CyberSecurity #Linux #Cryptominer #Malware #Crypto

Years Long Linux Cryptominer Spotted Using Legit Sites to Spread Malware

Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto

Finally completed my rebuild of my #Grafana #prometheus #vps stack.

The old one was hosed in a 3 month battle with a #cryptominer
It was #docker but they kept fucking the Prometheus container.

I rebuilt everything from scratch. The panels are integrated into a single JSON file, rather than in libraries.

The stack is now #podman. Rootless execution.
But I couldn't get #cadvisor to feed it.
So I got a dodgy scraper script.
But even with nice, it loads the low tier VPS to 14%

#selfhosting