Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Crypto Mining Malware Targets Air-Gapped Systems via USB

Crypto Mining Malware Targets Air-Gapped Systems via USB

Posted on February 19, 2026 By CWS

A new and sophisticated cryptocurrency mining campaign has been identified, posing a threat to systems via external storage devices, with the capability to infiltrate even air-gapped environments. This malware uses advanced techniques to ensure persistence and expand its reach.

Infection Mechanics and Propagation

The malware initiates its attack through pirated software that pretends to be legitimate office productivity suite installers. Once activated, it deploys multiple components that work together to maintain its presence and maximize Monero cryptocurrency mining output. Its persistence is further supported by watchdog processes that ensure the malware can recover quickly if any component is terminated.

What sets this campaign apart is its ability to spread through external drives. When a user connects a USB flash drive or an external hard disk, the malware automatically transfers itself to the device, creating hidden folders with misleading shortcuts. This enables the malware to move across networks, even affecting air-gapped systems through physical media transfer.

Technical Sophistication and Kernel Exploitation

The malware employs kernel-level exploitation to enhance its performance. By using a Bring Your Own Vulnerable Driver technique, it deploys a legitimate but vulnerable driver, WinRing0x64.sys, which contains CVE-2020-14979. This allows the malware to gain kernel privileges, bypassing standard security measures.

With kernel access, the malware modifies CPU registers to optimize the RandomX mining algorithm, increasing the Monero mining efficiency by 15 to 50 percent. This is achieved without writing malicious drivers, utilizing the vulnerable driver’s valid digital signature instead.

Preventive Measures and Security Recommendations

The campaign operates with a planned lifecycle, utilizing temporal controls that activate cleanup routines after December 23, 2025, suggesting strategic planning by the attackers. To combat this threat, organizations are advised to enforce Microsoft’s Vulnerable Driver Blocklist and implement device control policies to restrict the use of removable media.

Additionally, security teams should configure web filtering to block connections to mining pools and raise awareness about the risks of pirated software. These steps are crucial in preventing the spread of this sophisticated malware.

Stay informed with the latest updates in cybersecurity by following us on Google News, LinkedIn, and X. Make CSN a preferred source on Google for instant news.

Cyber Security News Tags:air-gapped systems, crypto-mining, Cybersecurity, device control policies, kernel-level exploitation, Malware, Monero, network security, USB drives, vulnerable drivers

Post navigation

Previous Post: Deutsche Bahn Faces Major DDoS Attack Disruption
Next Post: Microsoft Defender Boosts Threat Response with New Script Library

Related Posts

15 Best Remote Monitoring Tools 15 Best Remote Monitoring Tools Cyber Security News
TCLBANKER Trojan Expands Through WhatsApp and Outlook TCLBANKER Trojan Expands Through WhatsApp and Outlook Cyber Security News
Perplexity’s Comet Browser Screenshot Feature Vulnerability Let Attackers Inject Malicious Prompts Perplexity’s Comet Browser Screenshot Feature Vulnerability Let Attackers Inject Malicious Prompts Cyber Security News
Halo Security Achieves SOC 2 Type 1 Compliance Halo Security Achieves SOC 2 Type 1 Compliance Cyber Security News
Claude Vulnerabilities Let Attackers Execute Unauthorized Commands With its Own Help Claude Vulnerabilities Let Attackers Execute Unauthorized Commands With its Own Help Cyber Security News
Critical Chaos Mesh Vulnerabilities Let Attackers Takeover Kubernetes Cluster Critical Chaos Mesh Vulnerabilities Let Attackers Takeover Kubernetes Cluster Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AI Security Model Redeployment and Major Vulnerabilities
  • Flipper Zero Enhances Firmware Development Strategy
  • T3MP3ST Framework Transforms AI Into Security Pioneers
  • Microsoft Enhances Windows 11 OOBE with New Update
  • Government Pays $1M to Prevent Data Leak by Kairos Group

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AI Security Model Redeployment and Major Vulnerabilities
  • Flipper Zero Enhances Firmware Development Strategy
  • T3MP3ST Framework Transforms AI Into Security Pioneers
  • Microsoft Enhances Windows 11 OOBE with New Update
  • Government Pays $1M to Prevent Data Leak by Kairos Group

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark