Tangerine Turkey mines cryptocurrency in global campaign
ID: 200e9f4e-0bc8-57f2-8a85-8562f3ace101
STIX ID: report--200e9f4e-0bc8-57f2-8a85-8562f3ace101
Feed Name: Red Canary
Tangerine Turkey is a USB-spread VBScript worm that uses a printui DLL hijack and DLL side-loading to install cryptomining software (including XMRig) and pull configuration from attacker-controlled PostgreSQL databases, websites, and GitHub repositories; Red Canary links it to the larger "Universal Mining" operation (reported to have infected ~270,741 systems across 135 countries) and provides detection advice focusing on suspicious relocations of printui.exe and associated IOCs.
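The detection advice in the summary comes down to one question: is printui.exe running from, or loading a DLL from, somewhere other than the Windows system directories where it belongs? The following is an added example of that check, written for this page and not taken from Red Canary's report; it assumes a default C:\Windows layout (System32 and SysWOW64 as the only legitimate homes of printui.exe) and that the hijacked DLL is dropped beside the relocated copy of the executable. The process-creation and image-load events it scans are constructed for illustration, not observed telemetry.

```python
"""Added example (not Red Canary's code): flag printui.exe when it executes from,
or loads a DLL from, a path outside the Windows system directories.
SAMPLE_EVENTS below are constructed for illustration, not real telemetry."""

import ntpath
from typing import Iterable, Optional

# Legitimate locations of printui.exe on a default install.
# Assumption: standard C:\Windows system root; adjust for other roots.
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")


def _norm(path: str) -> str:
    """Lower-case and backslash-normalise a Windows path for comparison."""
    return path.replace("/", "\\").lower()


def in_system_dir(path: str) -> bool:
    """True if the file sits directly inside System32 or SysWOW64."""
    return ntpath.dirname(_norm(path)) in SYSTEM_DIRS


def is_printui(path: str) -> bool:
    return ntpath.basename(_norm(path)) == "printui.exe"


def classify(event: dict) -> Optional[str]:
    """Return a finding for a suspicious event, or None.

    Two conditions, both following the report's guidance to watch for
    relocated copies of printui.exe:
      * process_create: printui.exe starts from outside the system directories
      * image_load: a printui.exe process loads a DLL from outside the system
        directories (assumption: the hijacked DLL sits next to the copied EXE)
    """
    kind = event["type"]
    if kind == "process_create":
        image = event["image"]
        if is_printui(image) and not in_system_dir(image):
            parent = event.get("parent_image", "?")
            return f"relocated printui.exe: {image} (parent {parent})"
    elif kind == "image_load":
        image, loaded = event["image"], event["image_loaded"]
        if is_printui(image) and not in_system_dir(loaded):
            return f"printui.exe side-loading {loaded} from a non-system path"
    return None


def scan(events: Iterable[dict]) -> list:
    """Run classify() over a stream of events and keep only the findings."""
    return [f for f in (classify(e) for e in events) if f]


# Constructed sample events: one benign and one relocated process start,
# one side-load from a user-writable directory, one normal system DLL load.
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Windows\System32\printui.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "process_create", "image": r"C:\Users\Public\printui.exe",
     "parent_image": r"C:\Windows\System32\wscript.exe"},
    {"type": "image_load", "image": r"C:\Users\Public\printui.exe",
     "image_loaded": r"C:\Users\Public\printui.dll"},
    {"type": "image_load", "image": r"C:\Windows\System32\printui.exe",
     "image_loaded": r"C:\Windows\System32\printui.dll"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Running the block reports the two constructed events that involve the copy of printui.exe under C:\Users\Public and stays silent on the two System32 events. In production the same two predicates map onto process-creation and image-load telemetry (for example Sysmon event IDs 1 and 7); the side-load rule in particular is worth keeping alongside the path check, because a relocated printui.exe that loads only system DLLs is far less interesting than one that loads a DLL from its own directory.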
