As it is now known, among the many ways of attacking computer systems by hackers there is also one that provides for them exploitation in order to extract a specific cryptocurrency.
In practice the system is infected and forced to work for the mining, without the owner noticing. Or rather without it being able to trace its evident slowdown to the attackers taking possession of the device. With consequences which, however, will also be felt on the electricity bill, due to the increase in costs caused by the attack.
Blue Mockingbird: what is it?
The system we have just described is typical of Blue Mockingbird, a new group of cybercriminals, who is inspired by the name of a Mexican bird, the blue mocking thrush.
The group basically manages to exploit one vulnerability in the ASP.net Telerik framework in order to go install a version of XMR Reg, a cryptocurrency extraction software Monero (XMR).
So in this case the goal is not to harm the user in some way, but to exploit him to his advantage. Of course, nothing ensures that this kind of attack cannot evolve into something different at a later date.
The related problems
In the case of Blue Mockingbird, however, the problem created becomes complicated to remove. In fact, Telerik is used in a long series of projects and many developers and system administrators are unaware that the offending framework is being used by their software.
It should also be stressed that older versions are vulnerable. Newer versions of Telerik do not contain the vulnerability, but updating the software that uses the framework may not be conclusive.
The attack can be viral
Blue Mockingbird, in fact, does not just infect servers made accessible from the Internet, but it also takes care of infiltrating the networks connected to them. The plan is clear enough: to infect additional devices to expand the network made available for Monero mining.
It was all to find out red canary, a company operating in the cybersecurity sector, which however was able to trace what happened only to its customers. It is therefore assumed that many others have been infected in the meantime, in addition to about a thousand discharged by Red Canary. The count has not yet been made, but the very wide spread of Telerik makes us fear the worst.
We need to navigate with great caution
Blue Mockingbird is just the latest testament to the pervasiveness of the hacking attacks. Hacking is increasingly present online and relies on the fact that too many web users persist in surfing without taking any precautions to avoid accidents in this sense.
For their part, hackers are used to giving life to a constant updating work, aimed at exploiting any opportunity in order to infect the most exposed devices. Just think of using sites on the coronavirus aimed at releasing malware to those seeking information on Covid-19. Or to that of wallpaper and music files related to current events, as happened for events like the last Grammy Awards or in the case of the tragic disappearance of Kobe Bryant.