Cryptomining malware, potentially of North Korean origin, is targeting edge devices, including a zero-day vulnerability in Palo Alto Networks’ custom operating system that the company quickly patched in April. Researchers from Akamai identified the malware, dubbed RedTail due to its hidden “redtail” file name, indicating a sophisticated understanding of cryptomining.
The threat actors behind RedTail are likely operating their own mining pools or pool proxies instead of using public ones, aiming for greater control over mining outcomes despite the increased operational and financial costs of maintaining a private server. Akamai researchers noted that the hackers are using the newer RandomX algorithm for better efficiency and modifying the operating system configuration to use larger memory blocks, known as hugepages, to boost performance.
The use of private mining pools is a tactic reminiscent of North Korea’s Lazarus Group, although Akamai has not directly attributed RedTail to any specific group. North Korea is known for its for-profit hacking operations, which include extensive cryptocurrency theft and other methods to evade sanctions (see: US FBI Busts North Korean IT Worker Employment Scams).
Initially spotted earlier this year, the RedTail malware has evolved to incorporate anti-research techniques, mak
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: