With cryptojacking on the rise, we have been flooded with requests for web security and recently found another strain of this form of malware.
The activity originates from a miner on penguinpool.net, a popular crypto mining site. Our team is investigating the source of the intrusion, has reported the miner to penguinpool.net, and has requested that activity for this user be ceased and investigated.
Looking into the config.json file revealed the following information:
The configuration matches the suggestion published on the penguinpool.net website.
The image below shows the current miners for that particular pool, including the suspected culprit of our investigation.
The image below reveals the hashing power and suggests the possible impact of the miner on other breaches.
At the time of publication, we have had no response from penguinpool.net or its administrators regarding action, and the miner was still actively mining.