Cryptomainer worm has got an opportunity to steal passwords of victims

Cryptomainer worm has got an opportunity to steal passwords of victims

The TeamTNT cybercriminal group has recently updated its malicious program with cryptomainer features. The network worm can now steal passwords from victims and more easily spread to other devices with an additional network scanner.

TeamTNT is best known for its attacks on Docker installations, which are later used to extract Monero digital currency (XMR). However, it seems that the criminals did not find enough minting, so they decided to steal the accounts of the victims in addition.



As explained by the researchers from Unit 42, the attackers collect passwords using the utilities mimipy.

These two tools are open-source analogues of Mimikatz.

The malware developed by the group got the name Black-T, now it can collect passwords as plain text, which are usually in the compromised memory of the attacked computer.



All collected data is sent to a server controlled by cybercriminals.

“Stolen data is likely to be used in future operations. In other words, to attack organizations managing the compromised Docker API”,
– written by experts.

Источник



WARNING! All links in the articles may lead to malicious sites or contain viruses. Follow them at your own risk. Those who purposely visit the article know what they are doing. Do not click on everything thoughtlessly.


2 Views

0 0 vote
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments


Do NOT follow this link or you will be banned from the site!
0
Would love your thoughts, please comment.x
()
x

Spelling error report

The following text will be sent to our editors: