Hackers use fake error pages to secretly hijack computers for crypto mining


This malware – Soco404 – is very hard to detect and victims may not notice it until it's too late

By Truman Lewis of ConsumerAffairs

July 25, 2025

  • Hackers are hiding malicious software inside fake 404 error web pages.

  • The malware targets both Linux and Windows computers and is very hard to detect.

  • Victims might not notice anything except slower systems and higher power bills.


A new cyberattack campaign, called Soco404, is tricking computers into secretly mining cryptocurrency by hiding malicious code inside what looks like a normal “Page Not Found” error message.

Normally, when you visit a broken link, you get a 404 error page. Hackers behind Soco404 are creating fake versions of those error pages. But hidden inside them is encoded malware: basically, computer code that tells your machine to mine cryptocurrency (like Monero) for the attacker.

They store these fake pages on compromised websites and even Google Sites, so they look safe. The malware is designed to run quietly on both Windows and Linux computers.

Sneaky and hard to spot

Because the malware is hidden inside normal web code, many antivirus tools and firewalls don't catch it. Once downloaded, the program installs itself in memory, without writing to the hard drive, which helps it stay under the radar.

It also erases its tracks, hides as a system process (with names like kworker or sd-pam), and turns off important logging features in Windows so IT teams can't see what's going on.
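For Linux administrators, the disguise described above can be checked against what the kernel itself reports about each process. The following is an added example, not code from the article or from the researchers it summarizes; the function names (findings, read_proc, scan) are hypothetical and the sample records are constructed for illustration.

```python
import os

KTHREADD_PID = 2  # on Linux, every genuine kernel thread is a child of kthreadd

def findings(p):
    """Return reasons a process record (comm, exe, cmdline, ppid) looks disguised."""
    out = []
    exe, name = p["exe"], p["comm"].strip("()")
    # A real kworker is a kernel thread: no executable, no argv, parent kthreadd.
    if name.startswith("kworker") and (exe or p["cmdline"] or p["ppid"] != KTHREADD_PID):
        out.append("userland process using a kworker name")
    # Assumption: on systemd hosts the genuine (sd-pam) helper runs the systemd binary.
    if name == "sd-pam" and os.path.basename(exe.split(" ")[0]) != "systemd":
        out.append("sd-pam name on a non-systemd binary")
    # Code that never touched disk shows up as a memfd or an unlinked file.
    if exe.startswith("/memfd:") or exe.endswith(" (deleted)"):
        out.append("executable exists only in memory or was deleted")
    return out

def read_proc(pid):
    """Build a record for a live PID from /proc (Linux only; run as root to see every exe)."""
    base = f"/proc/{pid}"
    with open(f"{base}/stat") as f:
        after_comm = f.read().rsplit(")", 1)[1].split()  # [state, ppid, ...]
    with open(f"{base}/comm") as f:
        comm = f.read().strip()
    with open(f"{base}/cmdline", "rb") as f:
        cmdline = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
    try:
        exe = os.readlink(f"{base}/exe")
    except OSError:  # kernel threads have no exe link
        exe = ""
    return {"pid": pid, "comm": comm, "exe": exe, "cmdline": cmdline, "ppid": int(after_comm[1])}

# Constructed sample records (not taken from a real incident).
SAMPLES = [
    {"pid": 61, "comm": "kworker/0:1", "exe": "", "cmdline": "", "ppid": 2},
    {"pid": 4120, "comm": "kworker/R-rcu_p", "exe": "/memfd:x (deleted)", "cmdline": "kworker/R-rcu_p", "ppid": 1},
    {"pid": 903, "comm": "(sd-pam)", "exe": "/usr/lib/systemd/systemd", "cmdline": "(sd-pam)", "ppid": 902},
    {"pid": 5533, "comm": "sd-pam", "exe": "/tmp/.a", "cmdline": "sd-pam", "ppid": 1},
]

def scan(records):
    """Map pid -> reasons for every record with at least one finding."""
    return {r["pid"]: f for r in records if (f := findings(r))}

if __name__ == "__main__":  # on a live host, pass read_proc() records to scan() instead
    print(scan(SAMPLES))
```

A deleted executable also appears after a routine package upgrade, so treat that finding on its own as a reason to look closer rather than as proof of compromise.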

How they break in

One common entry point is misconfigured databases, especially PostgreSQL, which many cloud users accidentally leave exposed to the public internet. The hackers take advantage of a PostgreSQL feature that lets them run system commands. From there, they can spread across networks and install mining software on many machines.

In some cases, they even use infected websites in South Korea to deliver different versions of the malware: one for Windows (ok.exe) and one for Linux (soco.sh).

What it means for you

If you suddenly see slower computer performance or rising electricity bills, it could be a sign of this kind of attack. Because it runs silently and hides well, traditional cybersecurity tools might not catch it.

Security experts recommend:

  • Locking down exposed databases.

  • Monitoring for strange error page downloads.

  • Watching CPU usage for unexplained spikes.

In short, this attack proves that even a simple-looking error page can be dangerous if it's been tampered with. Be cautious about what your systems download, even when it seems like “nothing happened.”


