UW System School infected with Bitcoin Mining Scripts
The University of Wisconsin System discovered three of its servers mining Bitcoin. The UW-Madison news section reported that illegal crypto miners exploited three servers at UW-Madison, UW-Stout, and UW-Superior, installing Bitcoin mining malware via a vulnerability in the Oracle WebLogic software. The infected servers at the UW System schools were taken offline to establish a safe and secure environment.
Hunting Miners Hunting Crypto
Stephanie Marquis, UW System Director of Communication, said that several attempts were made on December 26, 2017, to install the malware on all three servers. Marquis stated:
“The campuses responded immediately to the threat, and UW-Madison rebuilt their server to remove bitcoin software. UW-Stout and UW-Superior also immediately removed the software as soon as it was identified. No other campus identified the software after scanning their systems.”
According to the news release, the Cyber Security team performed a complete dissection of the malware because it posed a severe security threat. The IT team at UW cleaned and restored the servers before placing them back online. Finally, the servers and network were thoroughly tested to ensure the restoration was effective. The campus outage page provides more information on the status of the affected servers.
The UW-Madison cybersecurity team points out that the malware is tailored to look for Bitcoin or other crypto files on the server. If cryptocurrencies or crypto-related files are found, the malware extracts them and transfers them to another person. The security team indicates that the malware is still incapable of extracting personal data from users.
The main problem with the malware is that the fraudulent mining process uses large amounts of memory and CPU processing capacity, slowing down other applications on the system.
DoIT technicians have been working to rebuild the system for over a week. “Due to the serious issues found during the recent maintenance, DoIT technicians are working on rebuilding the servers this weekend,” says the DoIT technicians' website.
Malicious Mining Scripts
Recently, the booming crypto market has been a favorite target of malicious hackers. The disruptive Coinhive scripts, in particular, have been a favorite vehicle for cybercriminals to mine cryptocurrencies. Lately, illicit Bitcoin mining has declined as the illegal mining of other digital currencies has increased.
Fraudulent mining hijacks victims' computers, draining their processing power to mine coins. Monero has grown in popularity due to its anonymity feature, which ensures complete anonymity by creating false trails and making it impossible to track. According to Opera, a leading web browser, over 500 million people are affected by malicious crypto mining scripts.