Latest Monero News

Monero was the victim of a 10-day sybil attack
Business 12 November 2020

Monero was Sybil attacked

Monero, the controversial privacy-focused digital currency network, was the victim of a unique Sybil attack that lasted 10 days.

Cybersecurity researchers are warning of a recent spike in activity of a stealthy digital currency mining botnet. Known as Lemon Duck, it targets Windows users and spreads by sending rich text format (RTF) files via email.

Lemon Duck has been around since December 2018. However, researchers at Cisco-owned Talos Intelligence Group have noticed a sharp rise in DNS requests connected with its command-and-control (C2) servers since the end of August.

In a blog post, the researchers revealed that Lemon Duck has 12 independent infection vectors, making it more potent than most malware. They include sending emails containing exploit attachments and brute-forcing a system’s SMB protocol. Once it infects a computer, it downloads a PowerShell loading script that disables Windows Defender’s real-time protection and adds powershell.exe to the list of processes excluded from scanning.

Once installed, the botnet downloads and activates a mass-mailing module and then sends emails to all the victim’s contacts through Microsoft Outlook. These emails contain two malicious files, readme.doc and readme.zip, that download and install Lemon Duck on the target computer. To entice their targets, the emails contain COVID-19 related text.

[Figure. Source: Talos Intelligence Group]

Lemon Duck combines code taken from several open-source projects with code specifically designed by the hacker, “showing moderate level of technical skills and understanding of security issues in Windows and various network protocols,” according to the report.

Talos researchers revealed that there were a number of overlaps between Lemon Duck and yet another cryptojacking malware dubbed Beapy that targeted East Asia in 2019. The two botnets also share emails and a number of URLs.

The resurgence of Lemon Duck is consistent with an uptick in digital currency mining malware recently observed by Talos, including the return of PowerGhost, Tor2Mine and Prometei.

Lemon Duck, like most other cryptojacking malware, mines Monero, a dark coin whose relative anonymity makes it the go-to for hackers. The botnet’s most popular targets are Egypt, China, Iran, Vietnam and India.

Tech 18 October 2020

Monero-mining botnet Lemon Duck records spike in activity

Researchers at Talos Intelligence Group have noticed a sharp rise in DNS requests connected with its command-and-control servers since the end of August.

CipherTrace has become the first company in the world with the ability to trace Monero (XMR) transactions.

“Monero (XMR) is one of the most privacy-oriented cryptocurrencies,” said Dave Jevans, CEO of CipherTrace. “Our research and development team worked for a year on developing techniques for providing financial investigators with analysis tools. There is much work still to be done, but CipherTrace is proud to announce the world’s first Monero tracing capability. We are grateful for the support of the Department of Homeland Security’s Science & Technology Directorate on this project.”

The U.S. Department of Homeland Security contracted with CipherTrace for a total of $3.6 million—with $2.4 million already paid—to create the Monero tracing tool.

CipherTrace’s tool will allow its users to track stolen Monero or identify Monero used in illicit transactions, and will notify digital currency exchanges when an individual is trying to send the privacy-centric coin from illicit sources to their exchanges.

Monero’s saving grace?

Monero is a privacy coin; this means that Monero is—or rather, was—fully-anonymous, untraceable, and unidentifiable. Because Monero was so anonymous, it has been delisted or banned from several digital currency exchanges and countries since it is often used as a vehicle for illicit activity—which is probably why Monero is the second most popular coin across darknet markets. 

Although the Monero community is viewing the CipherTrace tool as a negative, the tracking tool might actually save—or at least postpone—Monero from its inevitable demise. Now that analytics software exists for Monero, exchanges and governments can once again potentially permit Monero, since there is now a way to identify the source of illicit activity taking place on the XMR network.

In terms of what the company has planned next for their tracking tool, they said: “the tools CipherTrace developed within the scope of this DHS project have also laid the groundwork for future implementation of entity transactions clustering, wallet identification, exchange attribution, and other functionality that will provide law enforcement with even more tools for investigating Monero transactions and addresses.” 

Business 3 September 2020

Monero is traceable using new CipherTrace tool

The U.S. Department of Homeland Security has signed a $3.6 million contract with CipherTrace to create the Monero tracing tool.
