C3Pool

Tags

Cryptominer

Incidents

C3Pool mining via Confluence vulnerability Exposed Jupyter Notebooks Targeted for Cryptomining

References

https://www.imperva.com/blog/attackers-quick-to-weaponize-cve-2023-22527-for-malware-delivery/https://www.trendmicro.com/en_us/research/21/l/vulnerabilities-exploited-for-monero-mining-malware-delivered-via-gitHub-netlify.htmlhttps://www.cadosecurity.com/blog/from-dormant-to-dangerous-p2pinfect-evolves-to-deploy-new-ransomware-and-cryptominerhttps://www.imperva.com/blog/attackers-exploit-cve-2021-26084-for-xmrig-crypto-mining-on-affected-confluence-servers/

Last edited

Feb 19, 2025 2:12 PM

C3Pool is a Monero mining pool that has been misused by threat actors to illicitly mine cryptocurrency on compromised systems. Attackers exploit vulnerabilities in software such as Apache HTTP Server, Atlassian Confluence, and Redis to deploy mining malware, often utilizing scripts hosted on platforms like GitHub and Netlify. These scripts download and execute miners, such as XMRig, connecting to C3Pool to mine Monero without the system owner's consent.