Closed ghost closed 1 year ago
Why must mining pools be blocked?
The article under additional information explains it.
In short, those are the mining pools used by the exploit which are written to a config after the vulnerable Redis distribution is prepared.
This is not a reason to block public pools. Those who have been infected are not likely using our DNS.
Prerequisites
Problem description
There was a recent discovery of a new cryptojacking campaign by Cado Labs, which identifies a range of new mining pools to add to the AdGuard Base filter cryptominers filter.
A custom XMRig configuration is written to disk, which registers the miner with the following mining pools:
xmr.pool.gntl.co.uk
pool.hashvault.pro
xmr-eu1.nanopool.org
monerohash.com
pool.supportxmr.com
ca.monero.herominers.com
xmrpool.eu
pool.xmrfast.com
pool.xmr.pt
Proposed solution
Block the above in the AdGuard Base cryptominers filter.
Additional information
https://www.cadosecurity.com/redis-miner-leverages-command-line-file-hosting-service/
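As an added example (not code from this issue, the Cado article or the AdGuard project): a small Python check that pulls the pool hostnames out of an XMRig-style config.json and reports which of the pools listed above would be covered by AdGuard `||host^` rules, which match the host and its subdomains. The config sample and the wallet placeholder are constructed.

```python
import json
from urllib.parse import urlsplit

# Mining pools named in this issue (the campaign's XMRig config registers with these).
ISSUE_POOLS = [
    "xmr.pool.gntl.co.uk", "pool.hashvault.pro", "xmr-eu1.nanopool.org",
    "monerohash.com", "pool.supportxmr.com", "ca.monero.herominers.com",
    "xmrpool.eu", "pool.xmrfast.com", "pool.xmr.pt",
]

# Constructed sample in the shape of an XMRig config.json; not a real capture.
SAMPLE_CONFIG = """{
  "autosave": true,
  "pools": [
    {"url": "pool.hashvault.pro:443", "user": "WALLET_PLACEHOLDER", "tls": true},
    {"url": "stratum+tcp://xmr-eu1.nanopool.org:14433", "user": "WALLET_PLACEHOLDER"},
    {"url": "example.invalid:3333", "user": "WALLET_PLACEHOLDER"}
  ]
}"""


def pool_hosts(config_text):
    """Return the bare, lower-cased hostnames from the 'pools' array of an XMRig-style config."""
    cfg = json.loads(config_text)
    hosts = []
    for pool in cfg.get("pools", []):
        url = pool.get("url", "")
        if "://" not in url:  # XMRig accepts a bare host:port; add a scheme so urlsplit can parse it
            url = "stratum+tcp://" + url
        host = urlsplit(url).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def blocked_by(host, rule_hosts):
    """Apply AdGuard '||host^' semantics: the rule host itself or any subdomain of it matches."""
    return [r for r in rule_hosts if host == r or host.endswith("." + r)]


def flag_pools(config_text, blocklist=ISSUE_POOLS):
    """Map each pool host in the config to the blocklist entries it hits (empty list = not covered)."""
    return {h: blocked_by(h, blocklist) for h in pool_hosts(config_text)}


def adguard_rules(hosts):
    """Render hosts as AdGuard Base filter rules of the form ||host^."""
    return ["||%s^" % h for h in hosts]


if __name__ == "__main__":
    for host, hits in flag_pools(SAMPLE_CONFIG).items():
        print(host, "->", "blocked by " + ", ".join(adguard_rules(hits)) if hits else "NOT covered")
```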