Proxyjacking | Breaking Cybersecurity News | The Hacker News

Misconfigured and vulnerable Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software. "Perfctl is particularly elusive and persistent, employing several sophisticated techniques," Aqua security researchers Assaf Morag and Idan Revivo said in a report shared with The Hacker News. "When a new user logs into the server, it immediately stops all 'noisy' activities, lying dormant until the server is idle again. After execution, it deletes its binary and continues to run quietly in the background as a service." It's worth noting that some aspects of the campaign were disclosed last month by Cado Security, which detailed an activity cluster that targets internet-exposed Selenium Grid instances with both cryptocurrency mining and proxyjacking software. Specifically, the fileless perfctl malware has been found to exploit a security

A new, financially motivated operation dubbed  LABRAT  has been observed weaponizing a now-patched critical flaw in GitLab as part of a cryptojacking and proxyjacking campaign. "The attacker utilized undetected signature-based tools, sophisticated and stealthy cross-platform malware, command-and-control (C2) tools which bypassed firewalls, and kernel-based rootkits to hide their presence," Sysdig  said  in a report shared with The Hacker News. "Furthermore, the attacker abused a legitimate service,  TryCloudflare , to obfuscate their C2 network." Proxyjacking  allows the attacker to rent the compromised host out to a proxy network, making it possible to monetize the unused bandwidth. Cryptojacking, on the other hand, refers to the abuse of the system resources to mine cryptocurrency. A notable aspect of the campaign is the use of compiled binaries written in Go and .NET to fly under the radar, with LABRAT also providing backdoor access to the infected systems.

For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,

An active financially motivated campaign is targeting vulnerable SSH servers to covertly ensnare them into a proxy network. "This is an active campaign in which the attacker leverages SSH for remote access, running malicious scripts that stealthily enlist victim servers into a peer-to-peer (P2P) proxy network, such as Peer2Profit or Honeygain," Akamai researcher Allen West said in a Thursday report. Unlike cryptojacking, in which a compromised system's resources are used to illicitly mine cryptocurrency, proxyjacking offers the ability for threat actors to leverage the victim's unused bandwidth to clandestinely run different services as a P2P node. This offers two-fold benefits: It not only enables the attacker to monetize the extra bandwidth with a significantly reduced resource load that would be necessary to carry out cryptojacking, it also reduces the chances of discovery. "It is a stealthier alternative to cryptojacking and has serious implications th