The Blue Mockingbird Malware Group Exploits Vulnerabilities in Organizations’ Networks – Disposable mail news

Another notorious cryptocurrency-mining malware campaign has surfaced and has allegedly been infecting the systems of countless organizations. The group behind the operation goes by the code name “Blue Mockingbird”.

The researchers who discovered it have reason to believe that Blue Mockingbird has been active since the last month of 2019. Per them, it targets public-facing servers that run ASP.NET apps that use the Telerik framework for their user interface (UI).

Reportedly, the vulnerability the attackers exploit is CVE-2019-18935, which is used to plant a web shell on the target’s server. Per the same report, they then use a version of the “Juicy Potato” technique to obtain admin access and alter the server settings to gain (re)boot persistence.

After obtaining complete access to a system, sources mention, the group installs a version of XMRig, a well-known cryptocurrency-mining application for the Monero (XMR) cryptocurrency.

As per reports, if the public-facing IIS servers are connected to a company’s internal network, the group may try to spread internally through improperly secured Server Message Block (SMB) connections or Remote Desktop Protocol (RDP).

The exact number of infections the botnet has caused isn’t clear, but if an estimate were to be made, the operation includes at least 1,000 infections. There also doesn’t seem to be a way to gauge the intensity of the threat.

Not many of the organizations being observed by the researchers have been hit with this particular threat, and the above-mentioned number of infections surfaced over the short period of time in which they were tracked.

Nevertheless, all companies are susceptible to this attack, even the ones that think they are safe, and the number of infections could be higher than estimated.

As per sources, the allegedly vulnerable Telerik UI component can be part of ASP.NET applications that themselves run on their latest versions; even then, the Telerik component may be an outdated version that is harmful to the organization. The component could exist in applications used by a company without the company knowing about it, leaving it endangered.

The Telerik UI vulnerability CVE-2019-18935 has, per reports, become widely known as one used to plant web shells on servers. Another report mentioned that this vulnerability is the most exploited and that organizations need to better their firewalls to fight it. Organizations that for some reason don’t have a web firewall could always look for warning precursors on servers and workstations, reports cite.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

European supercomputers hacked to mine cryptocurrency – 10 minute mail

Several high-performance computers working on COVID-19 research have been forced offline following a string of attacks

Multiple supercomputers across Europe that are working on COVID-19 research have been targeted by cryptocurrency-mining attacks over the past week. The reports of the incursions started pouring in last Monday, when supercomputers in the United Kingdom and Germany were among the first victims.

Last Monday, the UK’s National Supercomputing Service ARCHER announced that it’d disabled access to its system following the exploitation of its login nodes. The incident is under investigation; according to the notice on the organization’s website, all of the Secure Shell (SSH) keys and ARCHER passwords will be rewritten and no longer be valid. “When ARCHER returns to service all users will be required to use two credentials to access the service: an SSH key with a passphrase and their ARCHER password,” said the center.

Meanwhile, the Baden-Württemberg High Performance Computing of Germany said on its website that it was attacked on the same day as well, leading it to take five of its clusters offline citing a security incident.

However, it wasn’t the only German supercomputer center to be hit. On Thursday, the Leibniz Supercomputing Centre announced that it was temporarily closing access, with the Jülich Supercomputing Centre following suit by taking its JURECA, JUDAC, and JUWELS systems offline due to a “security incident”.

BleepingComputer said that as many as nine German supercomputers may have fallen victim to the attacks.

And that’s still not all. The Swiss National Super Computing Center also acknowledged an attack and said over the weekend that academic centers in Europe and around the world alike were fighting off cyberattacks and since it detected malicious activity as well, it was shutting off external access to its center.

“We are currently investigating the illegal access to the center. Our engineers are actively working on bringing back the systems as soon as possible to reduce the impact on our users to a minimum,” said CSCS’ director Thomas Schulthess.

The European Grid Infrastructure (EGI) published the findings of its Computer Security Incident Response Team (EGI-CSIRT), which investigated two of the security incidents that may or may not be related. Based on their analysis, the bad actor used compromised SSH credentials to gain access to the systems and use them to mine Monero. EGI-CSIRT pointed out that there are victims in Europe, as well as in China and North America; however, it wasn’t able to confirm how the SSH credentials were stolen.

As of now, there is no official statement on whether the attacks were carried out by one threat actor or by various groups. But one might speculate that there might be some relation between them, since the targets were similar, and the attacks were carried out over the span of one week.

ESET cybersecurity specialist Jake Moore had this to say about the attacks: “What’s interesting about this is that it seems hackers have targeted the supercomputers completely remotely for the first time, as before there has always been an insider who installs the cryptomining malware used for the attack. All the SSH login credentials will now need resetting, which may take a while, but this is vital to stop further attacks. Once a list of credentials is compromised, it is a race against time to have these reset. Unfortunately, the lead time is usually enough of a head start for threat actors to take advantage of the mining software,” he added.



Amer Owaida


FinCEN Chief Blanco warns of Wide Scale Virtual Currency Scams


The Financial Crimes Enforcement Network (FinCEN) is keeping a close watch on financial scams involving virtual currency payments as the COVID-19 pandemic opens new areas of exploitation, said Director Ken Blanco.

As we are stuck in an unfortunate period of emergency, scammers are exploiting this vulnerability with everything from extortion, ransomware, and the sale of fraudulent medical products to initial coin offering investment scams.

“This type of cybercrime in the COVID-19 environment is especially despicable, because these criminals leverage altered business operations, decreased mobility, and increased anxiety to prey on those seeking critical healthcare information and supplies, including the elderly and infirm,” the Financial Crimes Enforcement Network chief told the virtual Consensus Blockchain Conference in a video conference.

Blanco stressed the need to collaborate with other law enforcement agencies and work together to beat this issue by generating much-needed funds to help the recipients and for financial survival.

“The need for our collaboration is clear and undeniable,” he stated.

He further delved into the cyber crimes occurring because of COVID-19: as much of the population and many government employees are working from home, cybercriminals are attacking vulnerabilities in remote applications like VPNs (virtual private networks) and remote desktop protocol in order to steal information.

Blanco advised companies to exercise due diligence and to advise their customers to do the same.

“Financial institutions should consider the risks of the current environment in their business processes, and the appropriate level of assurance needed for digital identity solutions to mitigate criminal exploitation of your products and platforms.”

FinCEN has also worked with other law enforcement initiatives like the Joint Criminal Opioid Darknet Enforcement (J-CODE) and National Cyber Investigative Joint Task Force (NCIJTF) in cases like criminals exploiting crypto for the purchase of fentanyl.

The virtual currency business has to be very vigilant and properly scrutinized, as there are a number of miscreants persistently attacking its onboarding and authentication processes. Since 2013, FinCEN has received nearly 70,000 Suspicious Activity Reports (SARs) of cryptocurrency fraud alone. During COVID-19, this threat becomes tenfold.


Attention! Fake Extensions on the Chrome Web Store Again!

Reportedly, Google was in the news for having removed 49 Chrome extensions from its browser’s store for stealing crypto-wallet credentials. What’s more, an additional set of password-swiping extensions (add-ons) surfaced after that, and they are up for download even now.

Per sources, the allegedly malicious add-ons exist on the browser store disguised as authentic crypto-wallet extensions. These uncertified add-ons invite people to fill in their credentials, which makes siphoning them off easy and the digital money accessible.

Reports mention that security researchers have confirmed the removal of 8 of the 11 fake add-ons impersonating legitimate crypto-wallet software, including “Jaxx Ledger, KeyKeep, and MetaMask.” A list of “extension identifiers” that was reported to Google was also provided.

Per researchers, there was a lack of vigilance by the Google Web Store because it apparently sanctions phisher-made extensions without giving the issue the attention it demands. Another thing that is disturbing for the researchers is that these extensions had premium ad space and are the first thing a user sees while searching.

According to sources, much like the Google Play Store with malicious apps, the Google Web Store had been facing difficulty in guarding itself against mal-actors. There also hadn’t been much of a response from their team about the issue.

One solution that was most talked about was that Google should at the least put into effect mechanisms in the Chrome Web Store that automatically impose trademark restrictions for the store and the ad platforms in it.

Per sources, Google’s Chrome Web Store “developer agreement” bars developers from violating intellectual property rights and also clearly mentions “Google is not obligated to monitor the products or their content”. Reports mention that, as per Google’s ad policy, it could review trademark complaints from trademark holders only when it has received a complaint.

Heeding all the hue and cry about the extensions, Google did herald more restrictions with the aim of wiping away traces of any fake extensions and of spammers creating bad-quality extensions that were causing people trouble.

The alterations in the policy will block the spammers and developers from swarming the store with similar extensions and elements with questionable behavior. Word has it that because of hateful comments the Chrome Web Store was “locked down” in January.

But, as promising as it may be, allegedly Google has been making such promises about the Chrome Web Store security strengthening for more than half a decade. So no one can blame researchers for their skepticism.


Bitcoin Prices Are Off The Charts!

Bitcoin, our favorite digital currency, has experienced an unbelievable hike all of a sudden. It has profited across several markets, with a spike of 12% in its price in the last week alone, sources mention.

Word has it that the Bitcoin price has risen around 6% in the last 24-hour trading period, overtaking nearly all main indices, even the stocks throughout Asia and Europe.

Bitcoin and other forms of digital currency, including cryptocurrency, have escalated around the globe owing to the Coronavirus lockdowns.

Per sources, the Bitcoin price has outgrown the $7,000/Bitcoin level and is ascending to “$7,170 on the Luxembourg-based Bitstamp exchange”.

As if they knew things were going to go south, the Bitcoin investors were up and about right from the start of this year. In fact, surveys indicate that the Bitcoin price has a high probability of rocketing up to $20,000/Bitcoin in 2020.

The basic foundational facets for a better Bitcoin system exist today owing to various developmental projects in the crypto industry. And in case of such a massively unprecedented crisis, investors would want to fall back upon digital currency.

Asian and European markets furthered their reserves by 3% and 2-4%. Researchers mention that Bitcoin purchases could have a positive effect on the stock markets.

History has it that the Bitcoin price has seen a major upswing before from a low $1,000 to a high $20,000 in a matter of a year.

Investors are in genuine awe with this ascent in the prices of Bitcoin and see this as a new opportunity for cryptocurrency in general because of the fresh interest the market has shown for it.

Per analysts, this year investors may need to rethink their current cryptocurrency store and even pile up more of it in case of increased demand because of risk assets.

Everyone understands that if the things were to stay the way they are there is a strong chance for a longer period of intense recession.

This has given birth to questions regarding the effect of COVID-19 on the economy and the part Bitcoin could play in it.


Cryptocurrency Profit Reaches $182.62 Billion, Bitcoin Rises upto 10% in 24 Hours


According to data by Coindesk, the cryptocurrency value suddenly increased on Tuesday. And this comes as a matter of surprise as the whole trade market is suffering heavy losses due to coronavirus pandemic. Witnessing this sudden increase in the Cryptocurrency’s value, Bitcoin eventually rose up to 10% in a single day, as trading prices reached $6,569.17 around noon, Singapore time.

Meanwhile, Ethereum’s value has increased by 7%, whereas XRP witnessed a jump rate of over 5% in its prices.

The total value of the cryptocurrency trading market, its market capitalization, recorded a surprising leap of $14 Billion to $182.62 Billion within a mere 24 hours as of 11:47 am Singapore time, according to data from the website Coinmarketcap.com.

The entire Cryptocurrency market suffered severe losses at the start of March. On 8th March, the whole business failed when oil prices took a hard fall. Furthermore, on 12th March, the Cryptocurrency lost $93.5 of its value within a day, and even worse, Bitcoin suffered a 48% fall in its prices.

As observed, the growth of Cryptocurrency is marching step by step with the Equity market. In recent years, people have started viewing Bitcoin as ‘digital gold,’ having complete faith that investing in it can be profitable even in times of economic slowdown. Unfortunately, Bitcoin, like the Equity market, started suffering losses and became a risk asset, especially since the start of this year.

“We’re seeing some bullish bitcoin price action today along with other asset classes after the Fed announced unprecedented measures yesterday to shore up the economy. It will be interesting to see how bitcoin fares in such an environment. Given this is its first test as a haven asset in a market downturn and is yet to be proven,” says Vijay Ayyar in a conversation with CNBC.

Key takeaways:

  • Bitcoin rose over 10% in 24 hours, earlier exchanging at $6,569.17.
  • Ethereum and XRP also witnessed an increase in their prices.
  • The market value rose by $14 Billion to $182.62 Billion within a day.
  • The cryptocurrency market took a hard beating at the start of March due to the coronavirus outbreak.


Bitcoin crashes 20% within an hour amid Coronavirus mayhem


The price of cryptocurrency Bitcoin tumbled drastically, losing 20 percent of its value within an hour. The value of Bitcoin came below 600 dollars, the lowest since 2019 because of the cryptocurrency crash.

Many other cryptocurrencies were also affected with significant losses, with Bitcoin losing one-third of its value. Ethereum is down 27% in 4 days, making it the worst-hit cryptocurrency.

Several experts and cryptocurrency analysts are blaming the Covid-19 coronavirus outbreak for the crash and the plummeting of the global economy.

“Bitcoin has fallen as cryptocurrencies become caught up in the turmoil we’re seeing in traditional markets,” said Simon Peters, a market analyst at online trading platform eToro, The Independent reports.

“Previously seen as a possible safe haven in difficult times, investors now seem to be selling out to take back liquidity in case the coronavirus spreads even further. In a time of uncertainty, many investors might feel it is better to own cash or gold rather than more speculative cryptocurrencies like bitcoin.”

The virus, declared a pandemic by the World Health Organization on Wednesday, has brought the global economy to a standstill with continuous losses and falling stocks.

The Independent reports, “One economic forecaster, who predicted the 2008 global financial crash, warned that another crash is on the way. Jesse Colombo described coronavirus as “the one-two punch” that will send the economy “hurtling towards recession”.” 

Experts say that the cryptocurrency prices will keep falling down further, an unfortunate turn to those who were relying on the cryptocurrency for market flow in difficult times.

This drop means that around 50 billion dollars have been lost from Bitcoin’s whole value. It is the most drastic and severe crash since Bitcoin’s inception.

Though the cryptocurrency market is always volatile, researchers say that it’s not the end. They are comparing the crash with 2017, when Bitcoin value shrewd by 20,000 dollars and it recovered. They say that the price and economic graphs are very similar and thus the cryptocurrency will make a comeback.

And famous whistleblower Edward Snowden backs the claim tweeting, “This is the first time in a while I’ve felt like buying bitcoin. That drop was too much panic and too little reason.”


Hackers Attack IOTA’s Trinity Wallet, Company Shuts Down the Network


Hackers attacked IOTA’s cryptocurrency wallet and stole all the funds. The theft happened by exploiting a vulnerability in IOTA’s networks.
The attack took place on 12th February 2020, and the company announced the incident via its official account on Twitter. The tweet said that IOTA is presently investigating an attack on its Trinity wallet. IOTA has advised its users not to share or use the Trinity Wallet on their desktop until the case has been solved. According to the news, IOTA is currently working with cybersecurity experts and law enforcement agencies to get to the root of the problem that caused the cryptocurrency theft.

The company, on its official website, announced that because of the theft of funds, it has shut down its ‘Coordinator’ node for a while to protect the users. The Coordinator works as a final checkpoint for safety assurance of the transactions that take place on IOTA’s network.
According to the company, the decision to shut down the Coordinator node is meant to prevent any further fraudulent transactions that might take place on IOTA’s network. IOTA says that the hackers chose to attack the high-profile accounts first, and then moved on to smaller accounts, and so on until the transactions were stopped by the Coordinator.

“The attack pattern analysis showed that the halt of the coordinator interrupted the attacker’s attempts to liquidate funds on exchanges,” said the IOTA’s official website. “The stolen funds have been purposely and repeatedly merged and split to obfuscate the investigation, and with the current token exchange rate as well as exchanges’ KYC limits in mind. We received additional feedback from more exchanges (not all yet), confirming that none of the identified transactions has been received or liquidated.”

As of now, IOTA’s network system is still not active, and the company is still investigating the issue.
Cybersecurity experts and members of the IOTA say that the hackers found a vulnerability in the Trinity wallet and were thus able to launch the attack. IOTA hasn’t announced anything about the amount stolen but the experts believe it to be around $1 Million IOTA coins or more.


Hackers used the websites of Russian government agencies to extract cryptocurrency

According to the deputy head of the National Coordination Center for Computer Incidents of the FSB, Nikolai Murashov, encryption viruses decreased their activity last year and were replaced by malware. In particular, these programs have given way to crypto-jacking, or hidden cryptocurrency mining.

Murashov noted that the software for hidden mining uses up to 80% of the free power of the device, and the user may not know about it. According to him, the seizure of server capacities of large organizations for the purpose of mining cryptocurrencies threatens to severely reduce their productivity and harm their main activities.

Murashov said that hackers attack not only large companies but also ordinary users, for example, by mining through a browser while the user visits infected web pages. Browser companies have already begun to fight this problem. In April of last year, for instance, Mozilla Firefox introduced protection against crypto-jacking.

In addition, the number of installations of shadow miners on computers of ordinary users has increased. Last year alone, more than 50,000 such incidents were recorded.

“The scope of activities of shadow miners expanded over the past year. Hackers started using new software that is difficult to track because of the special code structure. Some applications are developed specifically for government servers and gaining control over them. Programs use computing power for mining, but administrators can only notice this during a detailed audit,” said Murashov.

In Russia, the most high-profile incident last year was an incident with miners who mined cryptocurrency on the computers of the nuclear center in Sarov. The attackers, who turned out to be employees of the organization, used the equipment for their own purposes for several years.

Companies around the world are being attacked by ransomware viruses and crypto-jacking. Recently, the cybersecurity company Proofpoint reported that in 2019, more than half of all public and private organizations in the United States were subjected to virus attacks and phishing. In this regard, regulators are beginning to take decisive action.


Malware Against Crypto-Currency Businesses; Microsoft and Apple are Targets Alike

The “AppleJeus” operation was the first time macOS users were made victims by Lazarus. In it, a manipulated application was used to target potential victims. Apparently, Lazarus used malware customized especially for macOS users.

Per leading sources, the malware had been built so that it released the current and the next-stage payload automatically, without any manual actions required. For attacking Windows users, a multi-stage infection procedure was built.

Reportedly, compromising cryptocurrency-related businesses was the major objective of “AppleJeus” and of Lazarus at large. The macOS malware employed the source code only to structure macOS installers. Allegedly, “QtBitcoinTrader” was used.

However, the hackers at Lazarus altered the macOS malware. For starters, as per reports, it no longer has an encryption/decryption routine for network communication.

In another case, the .NET malware was disguised as Wallet updaters like “wfcwallet.com” and “www.chainfun365.com”. Herein, the multi-stage infection took place but in a different way.

Later on, files such as “rasext.dll” and “msctfp.dat” are uploaded onto the target’s system. Allegedly, the Remote Access Connection Manager also came into play.

Per sources, there was another case where a highly altered form of the macOS malware was at work. Similar to other cases, a fake website and application were used by the attacker. The apparent differences in the attack, as per reports, are as follows:

  • The malicious application was hosted via “GitHub”.
  • The post-installation script of the macOS malware was different as well.
  • This version used “ADVobfuscator” to hide its code.
  • The author of this modified macOS malware utilized Objective-C and not the Qt framework.

In a different attack, the post-install script was the same as in the previous attack, but the author had used Swift for the development of the malware. The method of data collection was changed, and the malware then began to conduct authentication. According to sources, the “auth_signature” and “auth_timestamp” parameters were used to deliver the second payload. The malware acquires the current system time of the device, combines it with the hard-coded string “12GWAPCT1F011S14”, and creates an MD5 hash. The hash is used as the “auth_signature” parameter and the time is used as the value of the “auth_timestamp” parameter. These values can be reproduced as well, and finally, the second payload is uploaded.
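Because the signature can be reproduced from the timestamp, defenders can check logged web requests for it. The sketch below is an added example, not code from the report or from the malware: the log layout, host names and function names are constructed for illustration, and since the article only says the time is “combined” with the string, both concatenation orders are tried.

```python
import hashlib
from urllib.parse import parse_qs, urlsplit

# Hard-coded string quoted in the article.
HARDCODED = "12GWAPCT1F011S14"


def candidate_signatures(timestamp):
    """Return MD5 hex digests for both concatenation orders.

    Assumption: the exact order and timestamp format are not given in the
    article, so the timestamp is used exactly as it appears in the request.
    """
    return {
        "time+string": hashlib.md5((timestamp + HARDCODED).encode()).hexdigest(),
        "string+time": hashlib.md5((HARDCODED + timestamp).encode()).hexdigest(),
    }


def match_order(url_or_body):
    """Return the matching concatenation order, or None if nothing matches.

    Accepts either a full URL or a raw form body (key=value&key=value).
    """
    try:
        query = urlsplit(url_or_body).query or url_or_body
    except ValueError:
        return None
    params = parse_qs(query)
    timestamp = params.get("auth_timestamp", [None])[0]
    signature = params.get("auth_signature", [None])[0]
    if not timestamp or not signature:
        return None
    for order, digest in candidate_signatures(timestamp).items():
        if digest == signature.lower():
            return order
    return None


def scan_log(lines):
    """Return (line_number, order) for every line carrying a valid signature."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for token in line.split():
            if "auth_signature=" not in token:
                continue
            order = match_order(token)
            if order:
                hits.append((number, order))
                break
    return hits


# Constructed sample proxy log (hypothetical hosts on reserved test domains).
_TS = "1578643200"
_SIGS = candidate_signatures(_TS)
SAMPLE_LOG = [
    "2020-01-10T08:00:01Z 10.0.0.5 GET http://updates.example.test/check?version=1.2 200",
    "2020-01-10T08:00:02Z 10.0.0.7 POST http://wallet.example.test/update.php"
    f"?auth_timestamp={_TS}&auth_signature={_SIGS['time+string']} 200",
    # Same parameter names, unrelated signature: must not be flagged.
    "2020-01-10T08:00:03Z 10.0.0.9 POST http://shop.example.test/api"
    f"?auth_timestamp={_TS}&auth_signature={'0' * 32} 200",
    # Parameters logged as a form body, signature in upper case.
    "2020-01-10T08:00:04Z 10.0.0.7 POST http://wallet.example.test/update.php "
    f"auth_timestamp={_TS}&auth_signature={_SIGS['string+time'].upper()} 200",
]

if __name__ == "__main__":
    for number, order in scan_log(SAMPLE_LOG):
        print(f"line {number}: signature matches ({order})")
```

A match means the request was signed with the hard-coded string, which an unrelated API that merely reuses the parameter names would not produce.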

Apart from all the macOS cases, there was a Windows incident as well. Per sources, a version of the “UnionCryptoTrader” was found. Allegedly, the “Telegram messenger” was at play. The infection procedure was pretty much the same as one of the previous cases with an add-on. A final backdoor payload was done. This version showed numerous exchange rates for crypto-currency.

Reportedly, the Windows malware uploads the encrypted “msctfp.dat” file and loads all the configuration values. Later, an extra command is executed as per the contents of the file. Finally, the malware communicates with the C2 server by sending a POST request.

Several parameters are sent and according to the response code from the C2 server, the “POST” request is sent through along with the encrypted data and a random value that could be used to identify individual victims.

Innumerable fake websites were found still in action. The fake websites were crypto-currency oriented but could easily be identified as fake if looked at with a keen eye.

Part 2 of “AppleJeus” had its victims spread across Poland, China, Russia, and the US, with most of them related to businesses involving cryptocurrency.

Lazarus group has been quite a matter of talk for a very long time. It especially continues to be a matter of concern for the cyber-world.

The AppleJeus and other malware that exist and would exist in the future are evolving by the hour. Crypto-currency associated businesses are the key and foremost objects of Lazarus and other threat actors and hence need to be more vigilant than ever.

