{"id":3359,"date":"2017-10-06T15:14:39","date_gmt":"2017-10-06T13:14:39","guid":{"rendered":"http:\/\/securite.intrinsec.com\/?p=3359"},"modified":"2017-10-06T15:14:39","modified_gmt":"2017-10-06T13:14:39","slug":"malwares-crypto-monnaies-et-fournisseurs","status":"publish","type":"post","link":"https:\/\/www.intrinsec.com\/en\/malwares-crypto-monnaies-et-fournisseurs\/","title":{"rendered":"Malware, cryptocurrencies, and providers"},"content":{"rendered":"<p>While 2016 saw the explosion of <em>ransomware<\/em>, another family of malware has been appearing frequently in mass attacks for some time now: <em>cryptominers<\/em>.<\/p>\n<p>The operating principle is simple and answers the question: &quot;Why wait for the hypothetical payment of a ransom when you can directly exploit a victim&#039;s resources to generate income?&quot; It does so by exploiting the principle of mining, which rewards the community with cryptocurrency for the transaction verification operations it carries out.<\/p>\n<p>In particular, the <em>Adylkuzz<\/em> malware, discovered last May, exploited the <em>ETERNAL BLUE<\/em> attack to establish a presence on servers exposed to the internet and mine the <em>Monero<\/em> cryptocurrency.<\/p>\n<p>More recently, the <em>CoinHive<\/em> site made publicly available a program developed in JavaScript that mines <em>Monero<\/em>. While the code itself is not malicious, the prevalence of JavaScript on the web quickly led to attacks injecting the script into web pages to exploit visitors&#039; browsers and mine this cryptocurrency without their knowledge. Two main types of scenarios have been identified:<\/p>\n<ul>\n<li>Malicious actors deploy the script on a victim site, either by directly exploiting a vulnerability or through an advertising network;<\/li>\n<li>Webmasters voluntarily install the program to generate additional revenue from visits to their site.<\/li>\n<\/ul>\n<p>We identified a third case during a routine investigation. 
A Chrome extension (<em>Short URL (goo.gl)<\/em>, fortunately not very widespread) has, since its latest version, included a file named <em>bit.js<\/em> containing the <em>CoinHive<\/em> JavaScript program, and appears to run it continuously as long as the extension is active.<\/p>\n<p>Even though the malicious activity here is small-scale and only results in excessive CPU usage for the victims, it seems noteworthy in a context that is evolving towards targeted attacks on suppliers. The <em>Web Developer<\/em> extension for Chrome, for example, was targeted a few weeks ago and carried malicious code for a few days. On a different scale, the <em>NotPetya<\/em> infection spread through the compromise of the update system of the software vendor <em>M.E.Doc<\/em>. Finally, the attack distributing <em>backdoored<\/em> versions of <em>CCleaner<\/em>, initially discovered two weeks ago, potentially affected millions of users but ultimately targeted only a limited number of companies.<\/p>\n<p>These events highlight the importance of having a clear view of the third-party solutions installed on an information system in order to assess the impact of a compromise of these products. Guaranteeing the security of an element over which the company does not have complete control is impossible, but measures can still be implemented to reduce the attack surface, segment systems, and facilitate response during an incident. 
To conclude and return to\u00a0<em>NotPetya<\/em>, adhering to &quot;basic&quot; hygiene rules on the segregation of privileged accounts was sufficient to neutralize the main effects of the malware.<\/p>","protected":false},"excerpt":{"rendered":"<p>While 2016 saw the explosion of ransomware, another family of malware has been appearing frequently since [\u2026]<\/p>","protected":false},"author":1,"featured_media":3369,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,22],"tags":[],"class_list":["post-3359","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cert","category-veille-securite"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.8) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Malwares, crypto-monnaies et fournisseurs - INTRINSEC<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intrinsec.com\/en\/malwares-crypto-monnaies-et-fournisseurs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Malwares, crypto-monnaies et fournisseurs\" \/>\n<meta property=\"og:description\" content=\"Si 2016 a connu l&rsquo;explosion des ransomwares, une autre famille de malwares appara\u00eet fr\u00e9quemment depuis [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intrinsec.com\/en\/malwares-crypto-monnaies-et-fournisseurs\/\" \/>\n<meta property=\"og:site_name\" content=\"INTRINSEC\" \/>\n<meta property=\"article:published_time\" content=\"2017-10-06T13:14:39+00:00\" \/>\n<meta name=\"author\" content=\"Intrinsec\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Intrinsec\" 
\/>\n<meta name=\"twitter:site\" content=\"@Intrinsec\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Intrinsec\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/malwares-crypto-monnaies-et-fournisseurs\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/malwares-crypto-monnaies-et-fournisseurs\\\/\"},\"author\":{\"name\":\"Intrinsec\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/ade590fbc7ad6f413727bae7cd3fb799\"},\"headline\":\"Malwares, crypto-monnaies et fournisseurs\",\"datePublished\":\"2017-10-06T13:14:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/malwares-crypto-monnaies-et-fournisseurs\\\/\"},\"wordCount\":540,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/malwares-crypto-monnaies-et-fournisseurs\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"articleSection\":[\"CERT\",\"Veille S\u00e9curit\u00e9\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/malwares-crypto-monnaies-et-fournisseurs\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/malwares-crypto-monnaies-et-fournisseurs\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/malwares-crypto-monnaies-et-fournisseurs\\\/\",\"name\":\"Malwares, crypto-monnaies et fournisseurs - 
INTRINSEC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/malwares-crypto-monnaies-et-fournisseurs\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/malwares-crypto-monnaies-et-fournisseurs\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"datePublished\":\"2017-10-06T13:14:39+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/malwares-crypto-monnaies-et-fournisseurs\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/malwares-crypto-monnaies-et-fournisseurs\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/malwares-crypto-monnaies-et-fournisseurs\\\/#primaryimage\",\"url\":\"\",\"contentUrl\":\"\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/malwares-crypto-monnaies-et-fournisseurs\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.intrinsec.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Malwares, crypto-monnaies et fournisseurs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"name\":\"INTRINSEC\",\"description\":\"Notre m\u00e9tier , Prot\u00e9ger le 
v\u00f4tre\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intrinsec.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\",\"name\":\"INTRINSEC\",\"alternateName\":\"ISEC\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"contentUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"width\":1322,\"height\":1322,\"caption\":\"INTRINSEC\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/Intrinsec\",\"https:\\\/\\\/fr.linkedin.com\\\/company\\\/intrinsec\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UC0trUZAHNZOUbxYnNdecM4A\"],\"description\":\"soci\u00e9t\u00e9 de consulting, pure player cybers\u00e9curit\u00e9 fran\u00e7ais et europ\u00e9en depuis plus de 30ans, sp\u00e9cialiste dans la s\u00e9curit\u00e9 offensive & audit (pentest\\\/red team), GRC, et services IMSS comme le SOC, CTI et CERT Intrinsec est qualifi\u00e9 PASSI Elev\u00e9, PRIS Elev\u00e9 et PACS par 
l'ANSSI\",\"email\":\"contact@intrinsec.com\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/ade590fbc7ad6f413727bae7cd3fb799\",\"name\":\"Intrinsec\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g\",\"caption\":\"Intrinsec\"},\"sameAs\":[\"https:\\\/\\\/www.intrinsec.com\"],\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/author\\\/ufhtbqccsz\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Malware, cryptocurrencies and providers - INTRINSEC","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intrinsec.com\/en\/malwares-crypto-monnaies-et-fournisseurs\/","og_locale":"en_US","og_type":"article","og_title":"Malwares, crypto-monnaies et fournisseurs","og_description":"Si 2016 a connu l&rsquo;explosion des ransomwares, une autre famille de malwares appara\u00eet fr\u00e9quemment depuis [&hellip;]","og_url":"https:\/\/www.intrinsec.com\/en\/malwares-crypto-monnaies-et-fournisseurs\/","og_site_name":"INTRINSEC","article_published_time":"2017-10-06T13:14:39+00:00","author":"Intrinsec","twitter_card":"summary_large_image","twitter_creator":"@Intrinsec","twitter_site":"@Intrinsec","twitter_misc":{"Written by":"Intrinsec","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intrinsec.com\/malwares-crypto-monnaies-et-fournisseurs\/#article","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/malwares-crypto-monnaies-et-fournisseurs\/"},"author":{"name":"Intrinsec","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/ade590fbc7ad6f413727bae7cd3fb799"},"headline":"Malwares, crypto-monnaies et fournisseurs","datePublished":"2017-10-06T13:14:39+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intrinsec.com\/malwares-crypto-monnaies-et-fournisseurs\/"},"wordCount":540,"commentCount":0,"publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"image":{"@id":"https:\/\/www.intrinsec.com\/malwares-crypto-monnaies-et-fournisseurs\/#primaryimage"},"thumbnailUrl":"","articleSection":["CERT","Veille S\u00e9curit\u00e9"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intrinsec.com\/malwares-crypto-monnaies-et-fournisseurs\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.intrinsec.com\/malwares-crypto-monnaies-et-fournisseurs\/","url":"https:\/\/www.intrinsec.com\/malwares-crypto-monnaies-et-fournisseurs\/","name":"Malware, cryptocurrencies and providers - 
INTRINSEC","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intrinsec.com\/malwares-crypto-monnaies-et-fournisseurs\/#primaryimage"},"image":{"@id":"https:\/\/www.intrinsec.com\/malwares-crypto-monnaies-et-fournisseurs\/#primaryimage"},"thumbnailUrl":"","datePublished":"2017-10-06T13:14:39+00:00","breadcrumb":{"@id":"https:\/\/www.intrinsec.com\/malwares-crypto-monnaies-et-fournisseurs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intrinsec.com\/malwares-crypto-monnaies-et-fournisseurs\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/malwares-crypto-monnaies-et-fournisseurs\/#primaryimage","url":"","contentUrl":""},{"@type":"BreadcrumbList","@id":"https:\/\/www.intrinsec.com\/malwares-crypto-monnaies-et-fournisseurs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.intrinsec.com\/"},{"@type":"ListItem","position":2,"name":"Malwares, crypto-monnaies et fournisseurs"}]},{"@type":"WebSite","@id":"https:\/\/www.intrinsec.com\/#website","url":"https:\/\/www.intrinsec.com\/","name":"INTRINSEC","description":"Our job is to protect 
yours.","publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intrinsec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.intrinsec.com\/#organization","name":"INTRINSEC","alternateName":"ISEC","url":"https:\/\/www.intrinsec.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","contentUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","width":1322,"height":1322,"caption":"INTRINSEC"},"image":{"@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/Intrinsec","https:\/\/fr.linkedin.com\/company\/intrinsec","https:\/\/www.youtube.com\/channel\/UC0trUZAHNZOUbxYnNdecM4A"],"description":"Intrinsec, a consulting firm and pure-play French and European cybersecurity provider for over 30 years, specializes in offensive security and auditing (penetration testing\/red teams), GRC, and IMSS services such as SOC, CTI, and CERT. 
Intrinsec is qualified at PASSI High, PRIS High, and PACS levels by ANSSI.","email":"contact@intrinsec.com"},{"@type":"Person","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/ade590fbc7ad6f413727bae7cd3fb799","name":"Intrinsec","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g","caption":"Intrinsec"},"sameAs":["https:\/\/www.intrinsec.com"],"url":"https:\/\/www.intrinsec.com\/en\/author\/ufhtbqccsz\/"}]}},"_links":{"self":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/3359","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/comments?post=3359"}],"version-history":[{"count":0,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/3359\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media?parent=3359"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/categories?post=3359"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/tags?post=3359"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}