1 min read

Side-Loading OneDrive for profit – Cryptojacking campaign detected in the wild

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Side-Loading OneDrive for profit – Cryptojacking campaign detected in the wild

Cryptojackers have become very lucrative for cybercriminals in recent years as the price of cryptocurrency soared. From data breaches to PUAs to warez downloads, coin miners and cryptojackers crop up steadily in our threat landscape reports.

However, to meet their financial expectations, cybercriminals are taking new approaches to planting and loading cryptojackers on victims’ computers. This is the case of an active cryptojacking campaign that uses a Dynamic Library Link (DLL) hijacking vulnerability in OneDrive to achieve persistence and run undetected on infected devices.

In this paper we describe a cryptojacking campaign in which the attackers exploit known DLL Side-Loading vulnerabilities in Microsoft OneDrive.

Download the research paper

Key findings

  • Bitdefender identified and documented a cryptojacking campaign exploiting known DLL sideloading vulnerabilities in Microsoft OneDrive.
  • Between May 1 to July 1, 2022 we detected over 700 instances of the cryptojacker using the DLL sideloading vulnerabilities.

Recommendations

Bitdefender recommends OneDrive users to ensure their security solution and operating systems are up-to-date; avoid cracked software and only download applications from trusted sources. Businesses should go further by tuning security solutions to monitor for DLL sideloading and applying IOCs to prevention and endpoint detection and response (EDR) solutions.

An up-to-date and complete list of indicators of compromise is available to Bitdefender Advanced Threat Intelligence users. The currently known Indicators of Compromise can be found in the whitepaper below.

Download the research paper

tags


Author



Right now

Top posts

BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign

BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign

December 06, 2022

1 min read
Side-Loading OneDrive for profit – Cryptojacking campaign detected in the wild

Side-Loading OneDrive for profit – Cryptojacking campaign detected in the wild

October 05, 2022

1 min read
A Red Team Perspective on the Device42 Asset Management Appliance

A Red Team Perspective on the Device42 Asset Management Appliance

August 10, 2022

1 min read
Vulnerabilities Identified in Wyze Cam IoT Device

Vulnerabilities Identified in Wyze Cam IoT Device

March 29, 2022

1 min read
New FluBot and TeaBot Global Malware Campaigns Discovered

New FluBot and TeaBot Global Malware Campaigns Discovered

January 26, 2022

10 min read
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

December 10, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

EyeSpy - Iranian Spyware Delivered in VPN Installers EyeSpy - Iranian Spyware Delivered in VPN Installers
Janos Gergo SZELESBogdan BOTEZATU
2 min read
Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor
Bitdefender

January 05, 2023

1 min read
BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign
Adrian SCHIPORVictor VRABIE
1 min read