The Cryptos News | Daily Bitcoin News
  • Home
  • News
  • Market Cap
  • Top Cryptos
    • Bitcoin (BTC)
    • Ethereum (ETH)
    • Binance Coin (BNB)
    • Cardano (ADA)
    • Solana (SOL)
    • Tether (USDT)
    • XRP (XRP)
    • Polkadot (DOT)
    • Dogecoin (DOGE)
    • USD Coin (USDC)
  • Prices
  • Wallet
  • Crash
  • Investment
  • Exchange
  • Mining
  • Trading
  • Home
  • News
  • Market Cap
  • Top Cryptos
    • Bitcoin (BTC)
    • Ethereum (ETH)
    • Binance Coin (BNB)
    • Cardano (ADA)
    • Solana (SOL)
    • Tether (USDT)
    • XRP (XRP)
    • Polkadot (DOT)
    • Dogecoin (DOGE)
    • USD Coin (USDC)
  • Prices
  • Wallet
  • Crash
  • Investment
  • Exchange
  • Mining
  • Trading
The Cryptos News | Daily Bitcoin News
No Result
View All Result
Home Mining

Someone may be prepping an NPM crypto-mining spree

Someone may be prepping an NPM crypto-mining spree
Share on FacebookShare on Twitter


A burst of almost 1,300 JavaScript packages automatically created on NPM via more than 1,000 user accounts could be the initial step in a major crypto-mining campaign, according to researchers at Checkmarx.

The creation of 1,283 packages and 1,027 users accounts seems to be the work of someone experimenting with what they might be able do.

The effort – dubbed CuteBoi because of the use of “cute” in the username hardcoded in many of the packages’ configuration files and a non-random NPM username cloudyboi12 – comes as another software supply-chain attack, dubbed IconBurst, made involved NPM JavaScript packages and typo-squatting.

The goal of IconBurst was to collect sensitive data from forms in mobile applications and websites that incorporated JS libraries that were deliberately misspelled to hoodwink coders into using them.

Microsoft GitHub-owned NPM hosts hundreds of thousands of JavaScript packages for developers. That makes it an attractive target for miscreants, as tampering with one or more of these libraries somehow – or tricking programmers into using booby-trapped, similarly named packages – allows malware to be injected into libraries and applications downstream that rely on the code.

It’s pretty much along the same lines as the supply chain attacks involving SolarWinds and Kaseya. Verizon noted in its 2022 Data Breach Investigations Report that supply-chain-based intrusions account for about 10 percent of all cybersecurity incidents.

Deepen Desai, CISO and vice president of security research and operations at zero-trust security vendor Zscaler, told The Register last month supply-chain attacks, which started out as nation-state espionage operations, are increasingly being adopted by financially motivated crime groups.

NPM has been hit with its share of security issues over the past couple of years, ranging from authorization and credential problems to crypto-mining mining malware embedded in an npm package that was detected in October 2021.

In the most recent case, Checkmarx researchers noted a flood of suspicious NPM users and packages being automatically created over a number of days, with all of the packages containing code that is almost identical to the Eazyminer package, designed to mine Monero by utilizing unused resources of such machines as CI/CD and web servers.

Eazyminer and its sudden rush of clones are just a wrapper around the XMRig mining tool, and need to be incorporated into a program before they can start mining. It appears, at this stage, someone is trying to flood NPM with randomly named packages that can be used by other libraries and applications to mine Monero.

“Downloading and installing these packages will have no negative effect on the machine,” the researchers wrote. “The copied code from Eazyminer includes a miner functionality intended to be triggered from within another program and not as a standalone tool. The attacker didn’t change this feature of the code and for that reason, it won’t run upon installation.”

That said, CuteBoi did modify eazyminer’s configuration files, specifying the server the mined cryptocurrency should be sent to.

“At the heart of these packages are the XMRig miners,” the researchers wrote. “Their binaries, compiled for Windows and Linux systems, are shipped along with the packages. The attacker changes the names of these binaries to match the random names of the package themselves.”

The automation CuteBoi is using to create its army of accounts and packages is not unique. Checkmarx in March wrote about how a cybercrime group it called Red-Lili automatically created hundreds of NPM accounts and malicious packages – one package per user – as part of a dependency confusion attack.

In the case of Red-Lili, the analysts “saw the attacker launch a self-hosted server to support such automation. However, it seems that in this case, CuteBoi found a way to launch such attack without hosting a custom server and registering domains.”

In addition, the CuteBoi mastermind appears to be using mail.tm, a provider of free disposable mailboxes that can be accessed via simple web API calls. Using this process, CuteBoi is able to create a slew of NPM user accounts and provide a working email address for each of them, which (for one thing) is required for two-factor authentication purposes.

Checkmarx created a website called CuteBoi Tracker that can be used to inspect all the packages and users created for the campaign. The vendor also made the tracker available on GitHub.

“CuteBoi is the second attack group seen this year using automation to launch large-scale attacks on NPM,” they wrote. “We expect we will continue to see more of these attacks as the barrier to launch them is getting lower.” ®



Read More:Someone may be prepping an NPM crypto-mining spree

Tags: CryptominingNPMpreppingSpree
Previous Post

Voyager Delivers Painful Lesson on Perils of Counterparty Risk in Bankruptcy Drama – The

Next Post

PayPal and Microsoft Adopt Cryptocurrencies: What This Means for the Future

Related Posts

Public weighs in on noise from bitcoin mining operation

Public weighs in on noise from bitcoin mining operation

by The Cryptos News
July 30, 2022
0

NIAGARA FALLS, N.Y. — Frank Peller couldn’t understand what was happening outside his home.“I thought it was a 747...

Chinese Fake Loan App Racket Used Crypto, Apple, Google Questioned On Crypto Apps Review,

Cryptojacking Cases Are Rising Globally, Why So And Should This Worry You?

by The Cryptos News
July 30, 2022
0

According to the internet security company Kaspersky, cryptojacking is an act of mining cryptocurrency by hacking into someone else’s...

Chainalysis Report Says $2.2 Million in Crypto Has Been Sent to Pro-Russian Groups in

Chainalysis Report Says $2.2 Million in Crypto Has Been Sent to Pro-Russian Groups in

by The Cryptos News
July 29, 2022
0

According to a report stemming from the blockchain intelligence company Chainalysis, the firm identified 54 pro-Russian groups that have...

Prices of Ethereum’s original coin ETH soar as miners migrate ahead of Merge

Prices of Ethereum’s original coin ETH soar as miners migrate ahead of Merge

by The Cryptos News
July 29, 2022
0

Over the past two weeks Ethereum’s popular ETH coin jumped by nearly half as confidence builds over its hotly-anticipated...

Next Post
PayPal and Microsoft Adopt Cryptocurrencies: What This Means for the Future

PayPal and Microsoft Adopt Cryptocurrencies: What This Means for the Future

Subscribe
Login
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Trending News

Payperless Crypto Wallet announced working on NFT tokens support

Payperless Crypto Wallet announced working on NFT tokens support

June 25, 2022
June’s Red-Hot Inflation Report Rattled Bitcoin and Ethereum Prices. What That Means for

June’s Red-Hot Inflation Report Rattled Bitcoin and Ethereum Prices. What That Means for

July 14, 2022
Ripple’s Counsel Urges US Lawmakers to Urgently Pass ‘Sensible’ Crypto Legislation Amid

Ripple’s Counsel Urges US Lawmakers to Urgently Pass ‘Sensible’ Crypto Legislation Amid

July 30, 2022
ADVERTISEMENT

Investment

Buying Bitcoin on the Dip? 3 Things the Smartest Investors Know About Crypto | The Motley

Buying Bitcoin on the Dip? 3 Things the Smartest Investors Know About Crypto | The Motley

July 30, 2022
Study up and become a more informed crypto investor with this bundle

Study up and become a more informed crypto investor with this bundle

July 30, 2022
Crypto Exchange KuCoin Launches NFT ETFs By Benzinga

Crypto Exchange KuCoin Launches NFT ETFs By Benzinga

July 30, 2022
Is It Right Time To Invest In Crypto Market? Crypto Expert Shares Bullish Indicator

Is It Right Time To Invest In Crypto Market? Crypto Expert Shares Bullish Indicator

July 29, 2022
$ETH-Based Investment Products Leading Bounce-Back in July, Says CryptoCompare Research

$ETH-Based Investment Products Leading Bounce-Back in July, Says CryptoCompare Research

July 29, 2022

Prices

Latest Report Shows Cryptojacking Increased By 30% During The Crypto Slump

Latest Report Shows Cryptojacking Increased By 30% During The Crypto Slump

July 30, 2022
Tron price prediction as Unifi Protocol TVL explodes

Tron price prediction as Unifi Protocol TVL explodes

July 30, 2022
Bitcoin and Ethereum Prices Are As High As They’ve Been Since June Crypto Crash, But

Bitcoin and Ethereum Prices Are As High As They’ve Been Since June Crypto Crash, But

July 30, 2022

Crypto Flipsider News – Crypto Market Rally; Nirvana (NIRV) Exploited; Vasil Delayed;

July 29, 2022

Trading

CoinFLEX: Amid liquidity crisis, the cryptocurrency exchange had this to say

CoinFLEX: Amid liquidity crisis, the cryptocurrency exchange had this to say

July 30, 2022
SEC Chairman Publishes Video Outlining Plan to Regulate Crypto Trading Platforms –

SEC Chairman Publishes Video Outlining Plan to Regulate Crypto Trading Platforms –

July 30, 2022
Analysis | Why the Crypto World Flinches When the SEC Calls Coins Securities

Analysis | Why the Crypto World Flinches When the SEC Calls Coins Securities

July 29, 2022
FTX wins full approval to operate crypto exchange in Dubai

FTX wins full approval to operate crypto exchange in Dubai

July 29, 2022
Crypto exchange Zipmex files for bankruptcy protection in Singapore

Crypto exchange Zipmex files for bankruptcy protection in Singapore

July 29, 2022
  • About Us
  • Contact Us
  • Terms of Use
  • Privacy Policy
  • DMCA

© 2021 Thecryptosnews.com

No Result
View All Result
  • Home
  • News
  • Market Cap
  • Top Cryptos
    • Bitcoin (BTC)
    • Ethereum (ETH)
    • Binance Coin (BNB)
    • Cardano (ADA)
    • Solana (SOL)
    • Tether (USDT)
    • XRP (XRP)
    • Polkadot (DOT)
    • Dogecoin (DOGE)
    • USD Coin (USDC)
  • Prices
  • Wallet
  • Crash
  • Investment
  • Exchange
  • Mining
  • Trading

© 2021 Thecryptosnews.com

wpDiscuz