
posted by Fnord666 on Monday August 19 2019, @10:54AM
from the duck-duck-DNS! dept.

Submitted via IRC for SoyCow7671

New Norman Cryptominer Uses Dynamic DNS for C2 Communication

A new cryptominer malware that infected almost all the computers on a company's network within a year uses DuckDNS for command and control (C2) communications with its masters.

[...] The new miner malware strain dubbed Norman by the Varonis Security Research team was discovered while actively mining for Monero using the computing resources of the infected workstations and servers as directed by its operators.

All infected hosts on the network were very easily detected by the use of DuckDNS, which is a dynamic DNS service designed to help users create custom domain names more easily.

According to the researchers who found this new cryptomining malware, "most of the malware from this case relied on DuckDNS for command and control (C&C) communications, to pull configuration settings or send updates."

Besides multiple miner malware samples among which Norman stood out as not having been seen before in the wild, Varonis' research team also discovered several password dumping tools and a hidden PHP shell, with some of them having infected the systems a few years earlier.

[...] Malware developers are targeting most platforms with their malicious payloads, their cryptominers having been observed while attempting to infect all types of platforms and devices, from Windows, Linux, and macOS computers to Android devices and cloud services.
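
The summary above says infected hosts were easy to spot from their DuckDNS lookups. As an added example (not from the article or from Varonis), this Python code groups DNS queries under duckdns.org by client; the log format, IP addresses and hostnames are constructed assumptions.

```python
from collections import defaultdict

# Dynamic DNS zone named in the article; extend with others your policy covers.
DDNS_ZONES = ("duckdns.org",)

# Constructed sample log. Assumed format: "<timestamp> <client_ip> <qname> <qtype>"
SAMPLE_LOG = """\
2019-08-14T09:01:12Z 10.0.4.17 example-c2.duckdns.org. A
2019-08-14T09:01:13Z 10.0.4.17 www.example.com. A
2019-08-14T09:02:40Z 10.0.7.3 Example-C2.DuckDNS.org A
2019-08-14T09:03:05Z 10.0.7.3 other-host.duckdns.org AAAA
2019-08-14T09:03:09Z 10.0.9.88 notduckdns.org A
2019-08-14T09:03:11Z 10.0.9.88 duckdns.org.example.net A
malformed line
"""

def in_zone(qname, zone):
    """True if qname is the zone itself or a subdomain (label-boundary match)."""
    name = qname.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)

def hosts_using_ddns(log_text, zones=DDNS_ZONES):
    """Map client IP -> {queried name: count} for lookups under the given zones."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        _ts, client, qname, _qtype = fields
        if any(in_zone(qname, z) for z in zones):
            # Normalise case and trailing dot so variants count as one name.
            hits[client][qname.rstrip(".").lower()] += 1
    return {c: dict(names) for c, names in hits.items()}

if __name__ == "__main__":
    for client, names in sorted(hosts_using_ddns(SAMPLE_LOG).items()):
        print(client, names)
```

Matching on a label boundary keeps look-alike names such as `notduckdns.org` or `duckdns.org.example.net` out of the results.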


  • (Score: 3, Insightful) by Valkor (4253) on Monday August 19 2019, @06:07PM (#882242)

    Since when did Command & Control need a new acronym? What's wrong with C&C?

  • (Score: 1, Informative) by Anonymous Coward on Tuesday August 20 2019, @04:42AM (#882484)

    Note they actually use C&C also below to further confuse people...

    • (Score: 2) by Valkor (4253) on Tuesday August 20 2019, @05:34AM (#882499)

      oh god they did. heretics!