Hello, welcome to the Tuesday, June 12th, 2018 edition of the Sansonet Stormsand Stormcast.

My name is Johannes Ulrich and I am recording from Jacksonville, Florida.

Today we got a reminder from Brand not to forget about Lockybot.

Lockybot was big last year, sort of October last year, and it typically spread, well,

like most of this malware via malicious emails, in particular sort of these shipping notifications

and the like.

I guess people got better in identifying these types of emails, maybe also anti-malware got better in eliminating this particular

threat, so we haven't heard about it in a while, but as Brad points out, it's still very much alive

and going around infecting people who don't have these precautions in place. And talking about the updates 360 NetLab, also known as Chihu 360, gives us an update on some of these JSON RPC scans looking for vulnerable Ethereum wallets.

These scans typically hit port 8,545 and we have written about this in the past as well,

but what NetLab 360 now did is that they actually followed up with some of these scans

and looked at some of the wallet addresses that have been doing this for a while.

Well, amazingly, they got $20 million worth of Ethereum now in their wallet that was used

in these random scans.

And talking about cryptocurrencies, cryptocurrency miners are still a big thing.

They're still being installed using any number of vulnerabilities.

Now, it has so far been pretty simple to spot these miners because they take up a lot of CPU time.

Now, a more recent miner that was now discovered is a little bit more careful.

Whenever a user starts task manager, process explorer, process hacker, essentially tools

to review the CPU usage, this miner will terminate.

It will also terminate if the user does start any number of popular games that

will also require a lot of CPU. So in order to not get detected, it will then terminate to

...