Group-IB recently found a cryptojacking scheme on a popular thesaurus site, infecting visitors with malware to mine cryptocurrency and potentially deploy more harmful software. Group-IB’s 24/7 monitoring spotted malicious archives flagged by Group-IB MXDR, revealing a surge in malware across multiple customer companies with unusual archive names like ‘chromium-patch-nightly.00.[0-9]{3}.[0-9]{3}.zip’. The commonality across these detections suggested a shared source and an unconventional attack.
Source: GBHackers
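A hunting sketch for the archive-name pattern quoted above, added here as an example and not taken from Group-IB or the article: it scans download records for matching file names and groups the affected hosts by referring domain, which is how a shared source shows up. The log format, host names, the `thesaurus.example` domain and the function names are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Pattern quoted in the report; escaping the literal dots and matching
# case-insensitively are this example's assumptions.
ARCHIVE_RE = re.compile(
    r"chromium-patch-nightly\.00\.[0-9]{3}\.[0-9]{3}\.zip", re.IGNORECASE)

# Constructed sample records: "timestamp host referrer saved_path".
SAMPLE_LOG = """\
2024-01-10T09:12:03Z ws-014 https://thesaurus.example/word/secure C:\\Users\\a\\Downloads\\chromium-patch-nightly.00.123.456.zip
2024-01-10T09:40:51Z ws-221 https://thesaurus.example/word/robust C:\\Users\\b\\Downloads\\chromium-patch-nightly.00.987.001.zip
2024-01-10T10:02:17Z ws-014 https://vendor.example/downloads C:\\Users\\a\\Downloads\\report-2024.zip
2024-01-10T10:15:44Z ws-330 https://thesaurus.example/word/patch C:\\Users\\c\\Downloads\\chromium-patch-nightly.00.12.456.zip
2024-01-10T11:27:09Z ws-330 https://thesaurus.example/word/nightly /home/c/Downloads/Chromium-Patch-Nightly.00.555.777.zip
"""

def find_hits(log_text):
    """Return records whose saved file name fully matches the archive pattern."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(None, 3)   # the path may itself contain spaces
        if len(parts) != 4:
            continue                  # skip malformed records
        ts, host, referrer, path = parts
        name = re.split(r"[\\/]", path)[-1]   # Windows or POSIX separators
        if ARCHIVE_RE.fullmatch(name):
            hits.append({"time": ts, "host": host,
                         "referrer": referrer, "file": name})
    return hits

def hosts_by_source(hits):
    """Group affected hosts by referring domain to expose a common origin."""
    by_source = defaultdict(set)
    for hit in hits:
        domain = urlsplit(hit["referrer"]).hostname or "unknown"
        by_source[domain].add(hit["host"])
    return {domain: sorted(hosts) for domain, hosts in by_source.items()}

if __name__ == "__main__":
    for domain, hosts in hosts_by_source(find_hits(SAMPLE_LOG)).items():
        print(f"{domain}: {len(hosts)} host(s) -> {', '.join(hosts)}")
```

The fourth sample record is a deliberate near miss (two digits instead of three) to show that the match is anchored to the whole file name.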