New ServHelper campaign installing a loud CryptoMiner

Tuesday, July 14th, 2020

Welcome to today’s intelligence briefing, covering noteworthy items on the cybersecurity news agenda.

Find these stories on the Blueliv Threat Exchange Network, a global community of thousands of cybersecurity experts, IT professionals and academics. Membership is free.

Read the latest research blogs from the Blueliv Labs team.

Intelligence Briefing

Malware

New ServHelper campaign installing a loud CryptoMiner

A backdoor named ServHelper, associated with TA505 has been detected installing CryptoMiners in compromised systems since at least January 2020. This miner hides itself in the system using a virtualized environment. When the unsuspecting victim executes the installer, ServHelper will first check if it's running on a virtualized environment to avoid being analyzed and if the current user has admin privileges or the windows version 10 is < 10147 so it escalate privilege using DLL hijacking. Learn more >

Blueliv Intelligence Briefing

Your cybersecurity news summary

Intelligence Briefing

Malware

Blueliv Intelligence Briefing

Your cybersecurity news summary

Intelligence Briefing Malware

Intelligence Briefing

Malware