{"id":126221,"date":"2021-08-14T11:22:41","date_gmt":"2021-08-14T18:22:41","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2021\/08\/cryptomining-botnet-alters-cpu-settings-to-boost-mining-performance"},"modified":"2021-08-14T11:22:41","modified_gmt":"2021-08-14T18:22:41","slug":"cryptomining-botnet-alters-cpu-settings-to-boost-mining-performance","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2021\/08\/cryptomining-botnet-alters-cpu-settings-to-boost-mining-performance","title":{"rendered":"Cryptomining Botnet Alters CPU Settings to Boost Mining Performance"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/cryptomining-botnet-alters-cpu-settings-to-boost-mining-performance2.jpg\"><\/a><\/p>\n<p>Uptycs Threat Research Team has <a href=\"https:\/\/www.uptycs.com\/blog\/cryptominer-elfs-using-msr-to-boost-mining-process\">discovered<\/a> malware that not only hijacks vulnerable *nix-based servers and uses them to mine cryptocurrency but actually modifies their CPU configurations in a bid to increase mining performance at the cost of performance in other applications.<\/p>\n<p>Perpetrators use a Golang-based worm to exploit known vulnerabilities like <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-14882\" target=\"_blank\">CVE-2020-14882<\/a> (Oracle WebLogic) and <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-11610\" target=\"_blank\">CVE-2017-11610<\/a> (Supervisord) to gain access to Linux systems, reports <a href=\"https:\/\/therecord.media\/crypto-mining-botnet-modifies-cpu-configurations-to-increase-its-mining-power\/\">The Record<\/a>. 
Once they hijack a machine, they use <a href=\"https:\/\/en.wikipedia.org\/wiki\/Model-specific_register\">model-specific registers<\/a> (MSR) to disable the hardware prefetcher, a unit that fetches data and instructions from the memory into the L2 cache before they are needed.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Uptycs Threat Research Team has discovered malware that not only hijacks vulnerable *nix-based servers and uses them to mine cryptocurrency but actually modifies their CPU configurations in a bid to increase mining performance at the cost of performance in other applications. Perpetrators use a Golang-based worm to exploit known vulnerabilities like CVE-2020-14882 (Oracle WebLogic) and [\u2026]<\/p>\n","protected":false},"author":396,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1761,34],"tags":[],"class_list":["post-126221","post","type-post","status-publish","format-standard","hentry","category-cryptocurrencies","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/126221","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/396"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=126221"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/126221\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=126221"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=126221"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/
blog\/wp-json\/wp\/v2\/tags?post=126221"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}