Monero cryptomining bugs infest Microsoft Windows machines

by Don Sharpe
  • Cybersecurity firm Red Canary observed Monero cryptomining bugs infesting Windows machines at multiple organizations.
  • You can protect your Windows PC by patching or installing a cryptomining blocker.

Cybersecurity firm Red Canary reported Monero cryptomining bugs that attacked Windows machines at multiple organizations. It has given the name Blue Mockingbird to this type of malware activity it has been following for some time.

Cryptomining is a growing but unstable sector. According to Statista, it generated $5 billion in revenue between 2010 and 2019.

The Blue Mockingbird Monero cryptomining payloads

The science of cryptomining is costly and computing resource-intensive, making it unattractive to many folks. But malicious actors have found a shortcut to making cryptomining money without having to buy powerful computers.

They illegally deploy cryptomining payloads on the computers of unsuspecting users to take advantage of the free processing power. That is the same reason hackers are delivering Monero cryptominers on Windows PCs.

In the incidents that Red Canary reported, the hackers launched multi-level attacks from numerous fronts to deliver the miners on Windows systems.

The bad actors would start by breaching web-facing applications. It appears they were taking advantage of Telerik UI vulnerabilities in ASP.NET apps.

After breaching a targeted system, they would persistently launch multiple attacks using different techniques to deliver their malware.

We’ve observed involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems. They achieve initial access by exploiting public-facing web applications, specifically those that use Telerik UI for ASP.NET, followed by execution and persistence using multiple techniques.

Such actors have used proxying software for this purpose before. Also, they have worked with multiple types of reverse shell payloads to breach external systems.

According to Red Canary, the Telerik UI exploit in question, CVE-2019-18935, has been around for some time. That also means it is not going away anytime soon.

Therefore, you may want to patch your Windows systems right away, before you are targeted in the next Monero cryptomining attack. This is especially important if your organization uses any web-facing applications.

Alternatively, install a cryptomining blocker on your Windows 10 PC.
