Cybersecurity researchers at Cado Security Labs have uncovered a new campaign exploiting misconfigured Jupyter Notebooks to install cryptominers on Windows and Linux systems. Attackers leverage exposed cloud services to run unauthorized cryptocurrency mining operations.
The attack begins by retrieving a malicious MSI file or a bash script, which installs a cryptominer disguised as Java.exe. The malware retrieves encrypted payloads, decrypts them using ChaCha20, and launches mining operations targeting Monero, Sumokoin, Ravencoin, and other cryptocurrencies.
A parallel campaign was also found targeting PHP servers, deploying similar cryptomining payloads.
To mitigate these risks, organizations should enforce strong authentication, disable public access, and regularly monitor their cloud environments for unusual activity.
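As an added defensive example (not from Cado Security's report or Jupyter's own tooling), the script below audits a Jupyter config file for the exposure the campaign depends on: no token or password, listening on all interfaces, and running as root. Both config texts are constructed; the trait names (`ServerApp`, `NotebookApp`, `PasswordIdentityProvider`) are assumed to match the deployed Jupyter version.

```python
import ast

# Constructed weak config: anyone who can reach the port gets a kernel.
WEAK_CONFIG = """
c = get_config()
c.ServerApp.ip = '0.0.0.0'
c.ServerApp.token = ''
c.ServerApp.password = ''
c.ServerApp.allow_root = True
"""

# Constructed hardened config: loopback only, hashed password, no root.
HARDENED_CONFIG = """
c = get_config()
c.ServerApp.ip = '127.0.0.1'
c.PasswordIdentityProvider.hashed_password = 'argon2:PLACEHOLDER_HASH'
c.ServerApp.allow_root = False
"""

def _settings(config_text):
    """Collect `c.<Class>.<trait> = <literal>` assignments from a Jupyter config file."""
    found = {}
    for node in ast.parse(config_text).body:
        if not isinstance(node, ast.Assign) or len(node.targets) != 1:
            continue
        t = node.targets[0]
        # Expect the shape Attribute(Attribute(Name('c'), Class), trait).
        if (isinstance(t, ast.Attribute) and isinstance(t.value, ast.Attribute)
                and isinstance(t.value.value, ast.Name) and t.value.value.id == "c"):
            try:
                found[f"{t.value.attr}.{t.attr}"] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # non-literal value (e.g. a function call); skip it
    return found

def audit_jupyter_config(config_text):
    """Return a list of findings; an empty list means no weak setting was found."""
    s = _settings(config_text)
    findings = []
    # The legacy NotebookApp namespace and the newer ServerApp namespace both occur.
    token = s.get("ServerApp.token", s.get("NotebookApp.token"))
    password = (s.get("ServerApp.password") or s.get("NotebookApp.password")
                or s.get("PasswordIdentityProvider.hashed_password"))
    ip = s.get("ServerApp.ip", s.get("NotebookApp.ip", "localhost"))
    if token == "" and not password:
        findings.append("no authentication: token disabled and no password set")
    if ip in ("0.0.0.0", "*", ""):
        findings.append(f"listening on all interfaces (ip={ip!r})")
    if s.get("ServerApp.allow_root") or s.get("NotebookApp.allow_root"):
        findings.append("allow_root enabled: a hijacked kernel runs as root")
    return findings
```

Run it against `jupyter_server_config.py` (or the older `jupyter_notebook_config.py`) on each host; a non-empty result on an internet-reachable machine is the condition this campaign looks for.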