C\u00f4ng ty an ninh m\u1ea1ng Darktrace<\/strong> v\u1eeba ph\u00e1t hi\u1ec7n m\u1ed9t chi\u1ebfn d\u1ecbch cryptojacking<\/strong> m\u1edbi \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf \u0111\u1ec3 v\u01b0\u1ee3t qua Windows Defender<\/strong> v\u00e0 tri\u1ec3n khai ph\u1ea7n m\u1ec1m khai th\u00e1c ti\u1ec1n \u0111i\u1ec7n t\u1eed. Chi\u1ebfn d\u1ecbch n\u00e0y, l\u1ea7n \u0111\u1ea7u ti\u00ean \u0111\u01b0\u1ee3c ph\u00e1t hi\u1ec7n v\u00e0o cu\u1ed1i th\u00e1ng B\u1ea3y, li\u00ean quan \u0111\u1ebfn m\u1ed9t chu\u1ed7i l\u00e2y nhi\u1ec5m \u0111a giai \u0111o\u1ea1n, \u00e2m th\u1ea7m chi\u1ebfm \u0111o\u1ea1t s\u1ee9c m\u1ea1nh x\u1eed l\u00fd c\u1ee7a m\u00e1y t\u00ednh \u0111\u1ec3 khai th\u00e1c ti\u1ec1n \u0111i\u1ec7n t\u1eed.<\/p>\n C\u00e1c nh\u00e0 nghi\u00ean c\u1ee9u c\u1ee7a Darktrace, Keanna Grelicha<\/strong> v\u00e0 Tara Gould<\/strong>, \u0111\u00e3 gi\u1ea3i th\u00edch trong m\u1ed9t b\u00e1o c\u00e1o \u0111\u01b0\u1ee3c chia s\u1ebb v\u1edbi crypto.news<\/em> r\u1eb1ng chi\u1ebfn d\u1ecbch n\u00e0y \u0111\u1eb7c bi\u1ec7t nh\u1eafm v\u00e0o c\u00e1c h\u1ec7 th\u1ed1ng d\u1ef1a tr\u00ean Windows b\u1eb1ng c\u00e1ch khai th\u00e1c PowerShell<\/strong>, shell d\u00f2ng l\u1ec7nh v\u00e0 ng\u00f4n ng\u1eef k\u1ecbch b\u1ea3n t\u00edch h\u1ee3p s\u1eb5n c\u1ee7a Microsoft. Qua \u0111\u00f3, c\u00e1c t\u00e1c nh\u00e2n x\u1ea5u c\u00f3 th\u1ec3 ch\u1ea1y c\u00e1c k\u1ecbch b\u1ea3n \u0111\u1ed9c h\u1ea1i v\u00e0 c\u00f3 quy\u1ec1n truy c\u1eadp \u0111\u1eb7c quy\u1ec1n v\u00e0o h\u1ec7 th\u1ed1ng m\u00e1y ch\u1ee7.<\/p>\n Nh\u1eefng k\u1ecbch b\u1ea3n \u0111\u1ed9c h\u1ea1i n\u00e0y \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf \u0111\u1ec3 ch\u1ea1y tr\u1ef1c ti\u1ebfp tr\u00ean b\u1ed9 nh\u1edb h\u1ec7 th\u1ed1ng (RAM<\/strong>), do \u0111\u00f3, c\u00e1c c\u00f4ng c\u1ee5 di\u1ec7t virus truy\u1ec1n th\u1ed1ng th\u01b0\u1eddng d\u1ef1a v\u00e0o vi\u1ec7c qu\u00e9t c\u00e1c t\u1ec7p tr\u00ean \u1ed5 c\u1ee9ng kh\u00f4ng th\u1ec3 ph\u00e1t hi\u1ec7n qu\u00e1 tr\u00ecnh \u0111\u1ed9c h\u1ea1i. Sau \u0111\u00f3, c\u00e1c k\u1ebb t\u1ea5n c\u00f4ng s\u1eed d\u1ee5ng ng\u00f4n ng\u1eef l\u1eadp tr\u00ecnh AutoIt<\/strong>, m\u1ed9t c\u00f4ng c\u1ee5 Windows th\u01b0\u1eddng \u0111\u01b0\u1ee3c c\u00e1c chuy\u00ean gia CNTT s\u1eed d\u1ee5ng \u0111\u1ec3 t\u1ef1 \u0111\u1ed9ng h\u00f3a c\u00e1c t\u00e1c v\u1ee5, \u0111\u1ec3 ti\u00eam m\u1ed9t tr\u00ecnh t\u1ea3i \u0111\u1ed9c h\u1ea1i v\u00e0o m\u1ed9t quy tr\u00ecnh Windows h\u1ee3p ph\u00e1p.<\/p>\n Tr\u00ecnh t\u1ea3i n\u00e0y sau \u0111\u00f3 t\u1ea3i xu\u1ed1ng v\u00e0 th\u1ef1c thi m\u1ed9t ch\u01b0\u01a1ng tr\u00ecnh khai th\u00e1c ti\u1ec1n \u0111i\u1ec7n t\u1eed m\u00e0 kh\u00f4ng \u0111\u1ec3 l\u1ea1i d\u1ea5u v\u1ebft r\u00f5 r\u00e0ng tr\u00ean h\u1ec7 th\u1ed1ng. \u0110\u1ec3 t\u0103ng c\u01b0\u1eddng ph\u00f2ng th\u1ee7, tr\u00ecnh t\u1ea3i \u0111\u01b0\u1ee3c l\u1eadp tr\u00ecnh \u0111\u1ec3 th\u1ef1c hi\u1ec7n m\u1ed9t lo\u1ea1t c\u00e1c ki\u1ec3m tra m\u00f4i tr\u01b0\u1eddng, ch\u1eb3ng h\u1ea1n nh\u01b0 qu\u00e9t c\u00e1c d\u1ea5u hi\u1ec7u c\u1ee7a m\u00f4i tr\u01b0\u1eddng sandbox<\/strong> v\u00e0 ki\u1ec3m tra m\u00e1y ch\u1ee7 \u0111\u1ec3 t\u00ecm c\u00e1c s\u1ea3n ph\u1ea9m di\u1ec7t virus \u0111\u00e3 c\u00e0i \u0111\u1eb7t. Vi\u1ec7c th\u1ef1c thi ch\u1ec9 ti\u1ebfp t\u1ee5c n\u1ebfu Windows Defender<\/strong> l\u00e0 bi\u1ec7n ph\u00e1p b\u1ea3o v\u1ec7 duy nh\u1ea5t \u0111ang ho\u1ea1t \u0111\u1ed9ng.<\/p>\n H\u01a1n n\u1eefa, n\u1ebfu t\u00e0i kho\u1ea3n ng\u01b0\u1eddi d\u00f9ng b\u1ecb nhi\u1ec5m thi\u1ebfu quy\u1ec1n qu\u1ea3n tr\u1ecb, ch\u01b0\u01a1ng tr\u00ecnh s\u1ebd c\u1ed1 g\u1eafng v\u01b0\u1ee3t qua ki\u1ec3m so\u00e1t t\u00e0i kho\u1ea3n ng\u01b0\u1eddi d\u00f9ng \u0111\u1ec3 c\u00f3 \u0111\u01b0\u1ee3c quy\u1ec1n truy c\u1eadp n\u00e2ng cao. Khi c\u00e1c \u0111i\u1ec1u ki\u1ec7n n\u00e0y \u0111\u01b0\u1ee3c \u0111\u00e1p \u1ee9ng, ch\u01b0\u01a1ng tr\u00ecnh s\u1ebd t\u1ea3i xu\u1ed1ng v\u00e0 th\u1ef1c thi NBMiner<\/strong>, m\u1ed9t c\u00f4ng c\u1ee5 khai th\u00e1c ti\u1ec1n \u0111i\u1ec7n t\u1eed n\u1ed5i ti\u1ebfng s\u1eed d\u1ee5ng \u0111\u01a1n v\u1ecb x\u1eed l\u00fd \u0111\u1ed3 h\u1ecda c\u1ee7a m\u00e1y t\u00ednh \u0111\u1ec3 khai th\u00e1c c\u00e1c lo\u1ea1i ti\u1ec1n \u0111i\u1ec7n t\u1eed nh\u01b0 Ravencoin (RVN)<\/strong> v\u00e0 Monero (XMR)<\/strong>.<\/p>\n Trong tr\u01b0\u1eddng h\u1ee3p n\u00e0y, Darktrace \u0111\u00e3 c\u00f3 th\u1ec3 ki\u1ec1m ch\u1ebf cu\u1ed9c t\u1ea5n c\u00f4ng b\u1eb1ng c\u00e1ch s\u1eed d\u1ee5ng h\u1ec7 th\u1ed1ng Ph\u1ea3n h\u1ed3i T\u1ef1 \u0111\u1ed9ng<\/strong> c\u1ee7a m\u00ecnh \u0111\u1ec3 “ng\u0103n ch\u1eb7n thi\u1ebft b\u1ecb th\u1ef1c hi\u1ec7n c\u00e1c k\u1ebft n\u1ed1i ra ngo\u00e0i v\u00e0 ch\u1eb7n c\u00e1c k\u1ebft n\u1ed1i c\u1ee5 th\u1ec3 \u0111\u1ebfn c\u00e1c \u0111i\u1ec3m cu\u1ed1i nghi ng\u1edd.” <\/p>\n “Khi ti\u1ec1n \u0111i\u1ec7n t\u1eed ti\u1ebfp t\u1ee5c gia t\u0103ng \u0111\u1ed9 ph\u1ed5 bi\u1ebfn, nh\u01b0 \u0111\u00e3 th\u1ea5y v\u1edbi gi\u00e1 tr\u1ecb cao li\u00ean t\u1ee5c c\u1ee7a v\u1ed1n h\u00f3a th\u1ecb tr\u01b0\u1eddng ti\u1ec1n \u0111i\u1ec7n t\u1eed to\u00e0n c\u1ea7u (g\u1ea7n 4 ngh\u00ecn t\u1ef7 USD t\u1ea1i th\u1eddi \u0111i\u1ec3m vi\u1ebft b\u00e0i), c\u00e1c t\u00e1c nh\u00e2n \u0111e d\u1ecda s\u1ebd ti\u1ebfp t\u1ee5c coi khai th\u00e1c ti\u1ec1n \u0111i\u1ec7n t\u1eed l\u00e0 m\u1ed9t ho\u1ea1t \u0111\u1ed9ng c\u00f3 l\u1ee3i,” c\u00e1c nh\u00e0 nghi\u00ean c\u1ee9u c\u1ee7a Darktrace vi\u1ebft.<\/p>\n<\/blockquote>\n Tr\u1edf l\u1ea1i th\u00e1ng B\u1ea3y, Darktrace c\u0169ng \u0111\u00e3 ph\u00e1t hi\u1ec7n m\u1ed9t chi\u1ebfn d\u1ecbch ri\u00eang bi\u1ec7t m\u00e0 c\u00e1c t\u00e1c nh\u00e2n x\u1ea5u \u0111\u00e3 s\u1eed d\u1ee5ng c\u00e1c chi\u1ebfn thu\u1eadt k\u1ef9 thu\u1eadt x\u00e3 h\u1ed9i ph\u1ee9c t\u1ea1p, ch\u1eb3ng h\u1ea1n nh\u01b0 gi\u1ea3 m\u1ea1o c\u00e1c c\u00f4ng ty th\u1ef1c, \u0111\u1ec3 l\u1eeba ng\u01b0\u1eddi d\u00f9ng t\u1ea3i xu\u1ed1ng ph\u1ea7n m\u1ec1m \u0111\u00e3 b\u1ecb thay \u0111\u1ed5i, t\u1eeb \u0111\u00f3 tri\u1ec3n khai ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i \u0111\u00e1nh c\u1eafp ti\u1ec1n \u0111i\u1ec7n t\u1eed. Kh\u00f4ng gi\u1ed1ng nh\u01b0 k\u1ebf ho\u1ea1ch cryptojacking \u0111\u00e3 \u0111\u1ec1 c\u1eadp \u1edf tr\u00ean, ph\u01b0\u01a1ng ph\u00e1p n\u00e0y nh\u1eafm v\u00e0o c\u1ea3 h\u1ec7 th\u1ed1ng Windows<\/strong> v\u00e0 macOS<\/strong> v\u00e0 \u0111\u01b0\u1ee3c th\u1ef1c hi\u1ec7n b\u1edfi ch\u00ednh c\u00e1c n\u1ea1n nh\u00e2n kh\u00f4ng bi\u1ebft, nh\u1eefng ng\u01b0\u1eddi tin r\u1eb1ng h\u1ecd \u0111ang t\u01b0\u01a1ng t\u00e1c v\u1edbi c\u00e1c nh\u00e2n vi\u00ean trong c\u00f4ng ty.<\/p>\n","protected":false},"excerpt":{"rendered":" Chi\u1ebfn d\u1ecbch Cryptojacking M\u1edbi \u0110\u01b0\u1ee3c Ph\u00e1t Hi\u1ec7n C\u00f4ng ty an ninh m\u1ea1ng Darktrace v\u1eeba ph\u00e1t hi\u1ec7n m\u1ed9t chi\u1ebfn d\u1ecbch cryptojacking m\u1edbi \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf \u0111\u1ec3 v\u01b0\u1ee3t qua Windows Defender v\u00e0 tri\u1ec3n khai ph\u1ea7n m\u1ec1m khai th\u00e1c ti\u1ec1n \u0111i\u1ec7n t\u1eed. Chi\u1ebfn d\u1ecb…<\/p>\n","protected":false},"author":3,"featured_media":12733,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[47],"tags":[4313,4993,5288],"class_list":["post-12734","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hack","tag-hack","tag-microsoft","tag-monero"],"yoast_head":"\nChi\u1ebfn Thu\u1eadt T\u1ea5n C\u00f4ng<\/h2>\n
Ph\u1ea3n \u1ee8ng c\u1ee7a Darktrace<\/h2>\n
\n
Chi\u1ebfn D\u1ecbch Kh\u00e1c \u0110\u01b0\u1ee3c Ph\u00e1t Hi\u1ec7n<\/h2>\n