In a recent report by Trend Micro, it was revealed that the hacking group Outlaw has returned after months of inactivity. Currently, the group is focused on attacking servers with weak levels of security to steal crypto assets.
However, this time the group has emerged with an upgraded malware that works in two stages. Initially, the malware infects the system and uses its computing power to secretly mine crypto assets, and then it kills the crypto miners working on them.
Hacking group Outlaw moves to the US
The attacks originate from one virtual private server (VPS) that seeks systems with vulnerable security protocols to breach. Once the malware has infected the system, it spreads the botnet by sending a “while kit” of binary files at once. The attacks are targeting systems that have a low level of cybersecurity or are yet to upgrade their security systems.
The group was first discovered in 2018 and had been improving and testing new equipment and methods while attacking crypto mining systems in China. This year, the group has decided to switch from China towards the US and Europe.
The upgraded botnet infects servers and erases the existing mining software on the device. The team at Trend Micro has been studying the hacking group for a long time. The samples they have collected suggest that the botnets are also stealing data from companies in the financial sector. This data can then be sold by the group at a later date.
The study also revealed that the group is attacking corporate servers as well as private devices such as Android TVs. Researchers found commands for APKs and Android Debug Bridge that would make Android-powered TVs to begin mining without the owners knowing.
Featured image by pixabay.