A Darktrace‑detected campaign shows AI‑generated malware leveraging the React2Shell vulnerability to compromise an intentionally exposed Docker daemon, download LLM‑crafted payloads, and install XMRig mining software, highlighting a new low‑skill threat vector that evades traditional signature defenses.
A recent ASEC report reveals that a malicious program disguised as the popular Office 2013‑2024 C2R Install crack tool distributes a .NET‑based malware suite that installs Orcus RAT, the XMRig cryptocurrency miner, and the 3Proxy proxy tool, primarily targeting Korean users and persisting via scheduled tasks and PowerShell updates.
Hackers exploit GitHub Actions by submitting malicious pull requests that add hidden workflows, downloading and executing crypto‑mining binaries on GitHub’s free servers, a technique that has spread to other CI platforms and poses a persistent security challenge.
Amid soaring cryptocurrency prices, hackers exploit GitHub Actions by submitting malicious pull requests that run hidden XMRig mining code on GitHub’s free CI servers, a technique detailed through a French developer’s investigation, code analysis, attack scale, and mitigation advice.
