Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation ServHelper TA505

The ServHelper backdoor, which has ties to the TA505 threat group, was discovered dropping a hidden crypto miner. The digital miner, known as LoudMiner, is installed in a virtual environment to evade anti-virus detection but is only installed if the endpoint has more than 5 GB of available physical memory. The malicious software uses various techniques including PowerShell, obfuscation, DLL hijacking, and cmd.exe for execution, defense evasion, and persistence.
| Name | Modified Date | Sources |
| --- | --- | --- |
| Operation ServHelper TA505 | 2020-07-16 | |