Unknown actors used Telegram to covertly mine Monero

Splunk cybersecurity specialists рассказали about a new wave of attacks using the desktop version of the Telegram messenger to covertly mine Monero.

According to researchers, hackers compromise Windows servers inside Amazon Web Services with Remote Desktop Protocol enabled. They then install the Telegram desktop application, which is used as part of the attackers’ infrastructure to relay command messages.

Subsequently, the attackers infect devices with Monero-mining malware. Researchers also identified one of the cryptocurrency wallets linked to similar attacks in 2018.

Splunk noted that the attacks originate from Chinese and Iranian IP addresses.

Earlier, Avast specialists reported that the DirtyMoe botnet potentially infected tens of thousands of computers in Russia with hidden miners.

Read ForkLog’s Bitcoin news in our Telegram — cryptocurrency news, prices and analysis.