Devs at Blogging Platform Ghost Take Down Crypto-Mining Malware Attack

In a status update on May 3, the devs revealed that the attack occurred around 1:30 a.m. UTC. Within four hours, they had successfully implemented a fix, and they continue to monitor the results.

Developers at blogging platform Ghost have spent the past 24 hours fighting a crypto mining malware attack.

No sensitive user data compromised

Yesterday’s incident was reportedly carried out when an attacker targeted Ghost’s “Salt” server backend infrastructure, using an authentication bypass (CVE-2020-11651) and directory traversal (CVE-2020-11652) to gain control of the master server.

The Ghost devs have said that no user credit card information has been affected and reassured the public that no credentials are stored in plaintext. They were alerted to the incident as the hackers attempted to mine cryptocurrency using the platform servers:

“The mining attempt spiked CPUs and quickly overloaded most of our systems, which alerted us to the issue immediately.”

In an update posted within the last hour, the Ghost team announced that all traces of the crypto-mining virus have now been completely eliminated. They continue to “clean and rebuild” the entire network, and are apparently cycling all sessions, passwords and keys on every affected service on the platform as a precautionary measure.

A post-mortem of the incident will be published later this week.

Crypto-mining malware – a.k.a. cryptojacking

As Cointelegraph has previously reported, crypto-mining malware – sometimes referred to as “cryptojacking” – has been increasingly rife in recent years.

These stealth attacks attempt to install malware that uses a target computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. As with Ghost, the load on the CPU of the hardware can be a telltale sign, although many attacks have previously continued to operate for significant stretches of time without detection.

Last month, international hacker and cybersecurity expert group Guardicore Labs revealed that as many as 50,000 servers worldwide had been infected with an advanced cryptojacking malware that mined a privacy-focused altcoin, Turtlecoin (TRTL).

The privacy-centric coin Monero (XMR) has been particularly prevalent in cryptojacking campaigns, with researchers reporting back in mid-2018 that around 5% of the altcoin in circulation had been created through stealth mining.

Employee Fined For Mining BTC on Nuclear Research Center Supercomputer

An employee at a nuclear research center in the closed town of Sarov in Russia was fined for illegally mining Bitcoin.

Sentenced to pay $7,000 fine

According to a Sept. 27 article by Russian news outlet Meduza, a man was fined 450,000 rubles ($7,000) for trying to mine Bitcoin by using a petaflop-capable supercomputer at his workplace, the All-Russian Scientific Research Institute in Sarov, Russia.

Sarov, about 230 miles east of Moscow, is a closed town, as it is the Russian center for nuclear weapons research.

The court delivered the verdict on Sept. 17. The nuclear research employee was convicted of unlawful access to computer information and a violation of the rules for storing information.

Using illegal electricity to mine crypto

As Cointelegraph recently reported, an Armenian IT company was accused of illegally accessing electricity and using it to mine cryptocurrencies. The Armenian National Security Service claimed that the IT company installed cryptocurrency mining equipment inside one of its hydropower plants and as a result illegally consumed 1.5 million kilowatt-hours of electricity – worth more than $150,000, locally – over the course of 1.5 years.

In May, Cointelegraph reported that the state authorities of China’s Sichuan province were investigating local Bitcoin mining farms that had allegedly been built illegally. More than 30,000 Bitcoin mining machines were reportedly constructed without official approval from the local government and were subject to further examination.
