Cryptojacking campaign detected in the wild

Cryptojacking campaign in which the attackers exploit known DLL Side-Loading vulnerabilities in Microsoft OneDrive.

REFERENCE: https://www.bitdefender.com/files/News/CaseStudies/study/424/Bitdefender-PR-Whitepaper-SLOneDriveCyberJack-creat6318-en-EN.pdf

TAGS: DLL-Side Loading, CryptoJacker, OneDrive, Run Keys, XMRig, lolMiner

GROUP: Cryptocurrency Cybersecurity

ATT&CK IDS: T1204 - User Execution, T1106 - Native API, T1547 - Boot or Logon Autostart Execution, T1073 - DLL Side-Loading, T1055 - Process Injection, T1057 - Process Discovery, T1082 - System Information Discovery, T1496 - Resource Hijacking

Read More:

https://otx.alienvault.com/pulse/634417b111fffa8b34d5e69b