Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Cryptojacking Campaign Exploits Vulnerabilities with XMRig Miner

Cryptojacking Campaign Exploits Vulnerabilities with XMRig Miner

Posted on February 23, 2026 By CWS

Cybersecurity experts have revealed details of an advanced cryptojacking operation that leverages pirated software bundles to deploy a custom XMRig miner on infected systems. This campaign, carefully analyzed by Trellix researchers, showcases a complex infection strategy aimed at maximizing cryptocurrency mining efficiency, which can often destabilize the victim’s system.

Innovative Tactics and Spread

The malicious campaign begins with social engineering tactics, luring users with the promise of free premium software. These pirated bundles, including popular office software installers, deceive users into downloading malware-laden files. The infection is orchestrated by a binary that functions as the attack’s central control, managing installation, monitoring, and various attack phases.

This binary’s modular architecture allows for flexible execution of tasks such as cryptocurrency mining, privilege escalation, and ensuring persistence, even if some components are disabled. Its worm-like behavior enables it to spread through external storage devices and across air-gapped environments, vastly increasing its reach.

Technical Exploits and Persistence

The malware employs a bring your own vulnerable driver (BYOVD) technique, utilizing a legitimate but flawed driver known as ‘WinRing0x64.sys’ to gain elevated privileges. This vulnerability, tracked as CVE-2020-14979, is exploited to enhance mining performance by up to 50%.

A distinctive feature of this variant is its aggressive propagation capability, transforming it from a simple Trojan into a sophisticated worm. The campaign’s activity was notable throughout November 2025, culminating in a significant increase by December 8, 2025, illustrating its disruptive potential.

The Role of AI in Cybercrime

The campaign also highlights the growing role of AI in cybercrime. Darktrace identified malware likely crafted using large language models (LLMs), exploiting the React2Shell vulnerability to deploy an XMRig miner. This demonstrates how AI tools are simplifying the creation of effective exploit frameworks.

Further investigations revealed a toolkit named ILOVEPOOP, which scans for systems vulnerable to React2Shell. Notably, this activity targeted sectors such as government and finance, suggesting deliberate strategic planning. Despite the expertise in developing such tools, the execution has been marred by operational errors, hinting at a division of labor between developers and operators.

This sophisticated cryptojacking campaign underscores the evolving landscape of malware threats, where traditional techniques are being enhanced by modern technologies such as AI. As attackers continue to innovate, cybersecurity defenses must adapt to these emerging challenges to protect valuable digital assets.

The Hacker News Tags:AI in cybercrime, BYOVD, Cryptojacking, Cybersecurity, Exploitation, Malware, React2Shell, Vulnerability, Wormable, XMRig miner

Post navigation

Previous Post: Microsoft MFA Faces Major Disruption with 504 Errors
Next Post: MIMICRAT RAT Unveiled in Complex ClickFix Cyber Attack

Related Posts

Meta Enhances AI with External Business Data Meta Enhances AI with External Business Data The Hacker News
NightEagle APT Exploits Microsoft Exchange Flaw to Target China’s Military and Tech Sectors NightEagle APT Exploits Microsoft Exchange Flaw to Target China’s Military and Tech Sectors The Hacker News
North Korean Hackers Exploit AI for Enhanced Cyber Attacks North Korean Hackers Exploit AI for Enhanced Cyber Attacks The Hacker News
AI Browsers Vulnerable to Credential Leaks via BioShocking AI Browsers Vulnerable to Credential Leaks via BioShocking The Hacker News
Fake OpenAI Repo Delivers Malware on Hugging Face Fake OpenAI Repo Delivers Malware on Hugging Face The Hacker News
Adapting Security Strategies for Near-Zero Exploit Windows Adapting Security Strategies for Near-Zero Exploit Windows The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AI-Powered Forg365 Platform Targets Microsoft 365 Accounts
  • CISA Reviews Cybersecurity Incident from AWS Credential Leak
  • Dell BIOS Vulnerability Enables Quick Password Retrieval
  • FastNetMon Unveils Netomics for Enhanced Routing Control
  • Hackers Exploit Fake Microsoft Passkey Enrollment for Attacks

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AI-Powered Forg365 Platform Targets Microsoft 365 Accounts
  • CISA Reviews Cybersecurity Incident from AWS Credential Leak
  • Dell BIOS Vulnerability Enables Quick Password Retrieval
  • FastNetMon Unveils Netomics for Enhanced Routing Control
  • Hackers Exploit Fake Microsoft Passkey Enrollment for Attacks

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark