1 min read

Side-Loading OneDrive for profit – Cryptojacking campaign detected in the wild


Cryptojacking has become very lucrative for cybercriminals in recent years as the price of cryptocurrency soared. From data breaches to PUAs to warez downloads, coin miners and cryptojackers crop up steadily in our threat landscape reports.

However, to meet their financial expectations, cybercriminals are taking new approaches to planting and loading cryptojackers on victims’ computers. One such approach is an active cryptojacking campaign that abuses a Dynamic-Link Library (DLL) hijacking vulnerability in OneDrive to achieve persistence and run undetected on infected devices.

In this paper we describe a cryptojacking campaign in which the attackers exploit known DLL Side-Loading vulnerabilities in Microsoft OneDrive.

Download the research paper

Key findings

  • Bitdefender identified and documented a cryptojacking campaign exploiting known DLL sideloading vulnerabilities in Microsoft OneDrive.
  • Between May 1 and July 1, 2022, we detected over 700 instances of the cryptojacker using the DLL sideloading vulnerabilities.

Recommendations

Bitdefender recommends that OneDrive users ensure their security solution and operating system are up-to-date, avoid cracked software, and only download applications from trusted sources. Businesses should go further by tuning security solutions to monitor for DLL sideloading and by applying the IoCs to prevention and endpoint detection and response (EDR) solutions.

An up-to-date and complete list of indicators of compromise is available to Bitdefender Advanced Threat Intelligence users. The currently known Indicators of Compromise can be found in the whitepaper below.
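One way to put that monitoring into practice on a single endpoint, as an added example that is not from the paper or from Bitdefender: list every DLL under the default OneDrive install locations (the paths below are assumed defaults, adjust them for your environment) that does not carry a valid Microsoft Authenticode signature, together with its SHA-256 so the hash can be compared against the IoCs in the whitepaper.

```powershell
# Added example, not part of the Bitdefender paper. Flags DLLs in the OneDrive
# install folders that are not validly signed by Microsoft; each hit should be
# reviewed and its hash checked against the published IoCs.
# Assumed default install locations (per-user and machine-wide).
$oneDrivePaths = @(
    (Join-Path $env:LOCALAPPDATA 'Microsoft\OneDrive'),
    'C:\Program Files\Microsoft OneDrive',
    'C:\Program Files (x86)\Microsoft OneDrive'
) | Where-Object { Test-Path $_ }

$findings = foreach ($root in $oneDrivePaths) {
    Get-ChildItem -Path $root -Filter '*.dll' -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        # A sideloaded DLL dropped next to a legitimate OneDrive binary will
        # typically be unsigned or signed by someone other than Microsoft.
        $isMicrosoft = ($sig.Status -eq 'Valid') -and ($subject -match 'O=Microsoft Corporation')
        if (-not $isMicrosoft) {
            [pscustomobject]@{
                Path    = $_.FullName
                Status  = $sig.Status
                Signer  = $subject
                Sha256  = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                Written = $_.LastWriteTime
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No unsigned or non-Microsoft DLLs found under the OneDrive folders.'
}
```

Running this periodically (for example as a scheduled task that forwards the output to your SIEM) turns the paper's recommendation into a repeatable check; a DLL with a recent write time and a non-Microsoft signer in a user-writable OneDrive folder is the signal worth escalating.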

Download the research paper

Author

Balint SZABO, Janos Gergo SZELES