Blueliv Intelligence Briefing
Your cybersecurity news summary
Welcome to today’s intelligence briefing, covering noteworthy items on the cybersecurity news agenda.
Find these stories on the Blueliv Threat Exchange Network, a global community of thousands of cybersecurity experts, IT professionals and academics. Membership is free.
New ServHelper campaign installing a loud CryptoMiner
A backdoor named ServHelper, associated with TA505, has been detected installing CryptoMiners on compromised systems since at least January 2020. The miner hides itself on the system using a virtualized environment. When the unsuspecting victim executes the installer, ServHelper first checks whether it is running in a virtualized environment, to avoid being analyzed, and whether the current user has admin privileges or the Windows 10 version is < 10147, so that it can escalate privileges using DLL hijacking.