A recent security report reveals that ten malicious Visual Studio Code extensions, disguised as popular tools, install PowerShell loaders that persist, disable defenses, and deploy XMRig miners, highlighting a classic third‑party supply‑chain attack and urging developers to tighten defenses.
This guide explains how to identify hidden crypto‑mining processes on a Linux server, stop the malicious services, block suspicious IPs, secure the system with tools like SafeDog and ClamAV, and install Sysdig for deeper forensic analysis.
A self‑built Kubernetes cluster was compromised when an unprotected node with empty iptables and a kubelet that allowed anonymous API access was hijacked for Monero mining, prompting a detailed post‑mortem, root‑cause analysis, and hardening recommendations.
The article recounts a Kubernetes cluster intrusion where a misconfigured kubelet allowed crypto‑mining, details the forensic steps taken—including empty iptables, kubelet API exposure, and commented‑out settings—and offers concrete hardening recommendations to prevent similar attacks.
This article chronicles the discovery of a server breach used for cryptocurrency mining, detailing the malicious code, forensic analysis of the trojan's actions and artifacts, and the step‑by‑step remediation measures taken to secure the system.
A Kubernetes node was compromised for Monero mining due to empty iptables, an exposed kubelet API, and a mis‑commented configuration, prompting a detailed post‑mortem and practical hardening steps to prevent similar attacks.
A Kubernetes cluster was compromised when a misconfigured kubelet allowed anonymous API access, enabling attackers to run a Monero miner; the post details the investigation, root causes, and practical hardening steps to prevent similar intrusions.
A self‑built Kubernetes cluster suffered a crypto‑mining intrusion due to empty iptables and a misconfigured kubelet, prompting a detailed post‑mortem that outlines the symptoms, root‑cause analysis, and practical hardening steps to protect similar environments.
After discovering a suspicious process on one of our self‑built Kubernetes nodes, we traced the intrusion to a misconfigured kubelet that exposed the API, allowing attackers to run a Monero mining script, and we outline the investigation steps and hardening measures to prevent similar breaches.
A recent incident revealed that a misconfigured kubelet and missing firewall rules allowed an attacker to hijack a node in a self‑built Kubernetes cluster for Monero mining, prompting a detailed post‑mortem and a set of hardening recommendations.
A Kubernetes node was compromised for Monero mining due to empty iptables, exposed kubelet API, and a commented‑out security flag, prompting a detailed forensic analysis and a set of hardening steps to secure the cluster against similar attacks.
This article walks through a real-world server breach where attackers hijacked SSH access, deployed malicious scripts, leveraged Redis vulnerabilities, and turned the machine into a high‑speed crypto‑mining botnet, while offering detailed forensic clues and remediation advice.
Hackers exploit GitHub Actions by submitting malicious pull requests that add hidden workflows, downloading and executing crypto‑mining binaries on GitHub’s free servers, a technique that has spread to other CI platforms and poses a persistent security challenge.
Amid soaring cryptocurrency prices, hackers exploit GitHub Actions by submitting malicious pull requests that run hidden XMRig mining code on GitHub’s free CI servers, a technique detailed through a French developer’s investigation, code analysis, attack scale, and mitigation advice.
After my small 1‑CPU, 2 GB server was compromised by a crypto‑mining virus that hijacked SSH access, I used VNC to investigate, identified malicious processes, traced infected files, removed cron jobs, restored system utilities, repaired SELinux, and closed the Redis vulnerability to fully recover the machine.
A Baidu operations engineer illegally mined cryptocurrency on more than 150 company servers in 2018, netting over 100,000 RMB, was caught, sentenced to three years in prison and a fine, and the case now serves as a stark reminder of insider threats and the need for strict access controls in IT operations.
This article details a multi‑stage server compromise that injected gambling pages, planted hidden accounts, deployed crypto‑mining software, and opened unnecessary ports, providing step‑by‑step forensic analysis, code inspection, emergency response actions, and indicators of compromise.
A Linux ops engineer troubleshoots persistent 502 errors, discovers a rogue cranberry process auto‑restarted by a malicious crontab job, removes the malware, then explores the underlying xmr‑stak CPU mining tool and builds a Docker image to control the mining workload.
Recent reports show that some Chinese ISPs inject obfuscated cryptocurrency‑mining JavaScript into popular video‑streaming pages, using network hijacking to exploit browsers' CPU cycles without noticeable slowdown, and security tools like 360 Safe Guard now offer anti‑mining protection.
Tencent's security lab uncovered a large‑scale trojan spread via pornographic web ads that exploits the CVE‑2016‑0189 IE vulnerability, installs a backdoor, and runs a Zcash mining program, while also distributing Linux malware and controlling numerous C&C servers across Chinese provinces.
