Share this article
Hackers Infect 50,000 Servers With Sophisticated Crypto Mining Malware
Hackers have breached over 50,000 servers across the world to mine cryptocurrency using unusually sophisticated tools, according to a new report.
Updated Sep 13, 2021, 9:16 a.m. Published Jun 3, 2019, 3:00 p.m.
Hackers have breached over 50,000 servers across the world to mine cryptocurrency using unusually sophisticated tools, according to a new report.
Cybersecurity firm Guardicore Labs said on May 29 that the large-scale malware effort – dubbed the “Nansh0u campaign" – has been ongoing since February, and had been spreading to over 700 new victims a day. The attack mostly targeted firms in the healthcare, telecoms, media and IT sectors.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
Guardicore found 20 different malicious payloads in the malware over time, with new ones created “at least once a week” and put into use as soon as they were created. The package also installed a rootkit that prevented the malware’s removal.
The firm said it contacted the hosting provider of the attack servers and the issuer of the rootkit certificate.
“As a result, the attack servers were taken down and the certificate was revoked,” it said.
Notably, the cybersecurity firm said the attack used sophisticated tools like those used by nation states, a factor that indicates elite digital weaponry is becoming more readily accessible to cyber criminals.
The package was also written using Chinese language tools and placed on Chinese language servers, according to the firm.
Guardicore said:
“The Nansh0u campaign is not a typical crypto-miner attack. It uses techniques often seen in APTs [advanced persistent threats] such as fake certificates and privilege escalation exploits. While advanced attack tools have normally been the property of highly skilled adversaries, this campaign shows that these tools can now easily fall into the hands of less than top-notch attackers.”
The firm said the campaign demonstrates that strong credentials are vital in protecting companies' assets.
“This campaign demonstrates once again that common passwords still comprise the weakest link in today’s attack flows. Seeing tens of thousands of servers compromised by a simple brute-force attack, we highly recommend that organizations protect their assets with strong credentials as well as network segmentation solutions,” the report concluded.
Infected network image via Shutterstock
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Bitcoin Treads Water Near $90K as Bitfinex Warns of 'Fragile Setup' to Shocks
BTC's relative weakness compared to stocks points to tepid spot demand, making the largest crypto vulnerable to macro volatility, Bitfinex analysts said.
What to know:
- Bitcoin erased very modest overnight gains early Monday and spent the rest of the U.S. session in a tight range around the $90,000 level.
- Rising long bond yields and a small U.S. equities pulling back weighed on risk appetite as traders eye this week's Federal Reserve meeting.
- Bitfinex analysts pointed out bitcoin's relative weakness against U.S. stocks amid modest spot demand and structural softness.
Top Stories
