New Rocke Variant Ready to Box Any Mining Challengers (May 28, 2019)
A malware threat group specializing in cryptomining, known as “Rocke”, has been observed by FortiGuard Labs researchers to have added new features to its cryptomining malware. Hosted on PasteBin, the malware can be installed on systems through a number of means, including automated internet vulnerability scanning, service login brute-forcing, and exploitation of known vulnerabilities. Using hook libraries, the malware is able to stay on the system longer, as it is more difficult for users to detect and remove. Recently, threat actors have been targeting systems running Jenkins by attempting to exploit the vulnerabilities CVE-2018-1000861 and CVE-2019-1003000.
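The hook-library technique mentioned above is worth a concrete defender-side check. The following is an added example, not code from the page or from FortiGuard, and it assumes something the page does not state: that the hook library is loaded through the dynamic linker's preload file (/etc/ld.so.preload) and hides the miner by filtering the readdir() results that tools such as ps rely on. Every sample input (the preload file contents, the two PID lists, the library name) is constructed for illustration.

```python
"""Defender-side checks for preload-based process hiding (added example).

Assumed, not stated on the page: the hook is loaded via /etc/ld.so.preload
and hides processes from directory listings (readdir). All sample data is
constructed.
"""
import os
import subprocess

# Constructed sample of an /etc/ld.so.preload file; the library name is made up.
SAMPLE_PRELOAD = """# constructed sample
/usr/local/lib/libexample_hook.so
"""

# Constructed sample: PIDs as seen by probing /proc versus as reported by `ps`.
SAMPLE_PROC_PIDS = [1, 2, 431, 1337, 2048]
SAMPLE_PS_PIDS = [1, 2, 431, 2048]


def parse_preload(text):
    """Return the library paths listed in an ld.so.preload file.

    The file is a whitespace-separated list of shared objects; '#' starts a comment.
    """
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        entries.extend(line.split())
    return entries


def suspicious_preload_entries(text, allowlist=()):
    """Entries not on the allowlist.

    A clean host usually has no preload file at all, so any entry deserves a
    look; the allowlist is for sites that preload libraries on purpose.
    """
    return [p for p in parse_preload(text) if p not in allowlist]


def hidden_pids(proc_pids, ps_pids):
    """PIDs reachable under /proc but missing from the process listing.

    A readdir() hook removes entries from directory listings; a process you
    can reach by path but not by listing is the signature of that hook.
    """
    return sorted(set(proc_pids) - set(ps_pids))


def probe_proc_pids(max_pid=65536):
    """Enumerate PIDs by stat()ing /proc/<pid> instead of listing /proc.

    os.listdir() goes through readdir() and would be filtered by the same
    hook, so each candidate path is probed directly; stat() is unaffected.
    """
    return [pid for pid in range(1, max_pid + 1) if os.path.isdir(f"/proc/{pid}")]


def ps_pids():
    """PIDs as reported by ps; this is the view a hook library manipulates."""
    out = subprocess.run(["ps", "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    return [int(tok) for tok in out.split()]


def check_host(preload_path="/etc/ld.so.preload", allowlist=()):
    """Run both checks on the local host and return the findings."""
    findings = {"preload": [], "hidden": []}
    if os.path.exists(preload_path):
        with open(preload_path) as fh:
            findings["preload"] = suspicious_preload_entries(fh.read(), allowlist)
    # Compare twice and keep only PIDs flagged both times, so processes that
    # start or exit between the /proc probe and the ps call are not reported.
    first = set(hidden_pids(probe_proc_pids(), ps_pids()))
    second = set(hidden_pids(probe_proc_pids(), ps_pids()))
    findings["hidden"] = sorted(first & second)
    return findings


if __name__ == "__main__":
    print("sample preload entries:", suspicious_preload_entries(SAMPLE_PRELOAD))
    print("sample hidden PIDs:", hidden_pids(SAMPLE_PROC_PIDS, SAMPLE_PS_PIDS))
    print("this host:", check_host())
```

The two pure functions (`suspicious_preload_entries`, `hidden_pids`) can be run over collected evidence from any host; `check_host` runs the same logic live on a Linux machine. The probe is deliberately per-PID rather than a directory listing, because the very hook being looked for would otherwise filter the check itself. The default `max_pid` of 65536 should be raised to the value in /proc/sys/kernel/pid_max on hosts that use a larger PID range.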
Recommendation: One of the best ways to secure your cryptocurrencies against theft is by using hardware wallets. Hardware wallets are a type of cryptocurrency wallet that stores the owner’s private keys on a hardware device that is secure from hacking attempts. Cold storage wallets can also be used to improve cryptocurrency security. Cold wallets are placed on clean, air-gapped computers and therefore protect all private keys from online threats. They are more tedious to use, but that tedium is part of what increases the security.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.