‘50,000 servers infected’ as cryptojacking hits new heights: study

Cryptojacking is a rapidly growing problem worldwide, as scammers increasingly choose malicious crypto mining scripts over ransomware for fleecing their victims. But new research appears to confirm the true scale of the problem, and it’s even worse than many commentators had feared.

According to research published by cybersecurity experts at Guardicore Labs, a new script has infected as many as 50,000 separate servers worldwide, mining an obscure privacy-focused token without the knowledge of its hosts.

The script runs in the background on infected computers, draining resources while driving up energy bills. Many victims don’t even realize their systems are infected until it is too late, with scammers able to make off with tidy sums and a lower chance of detection compared to other frauds.

The scammers are increasingly turning to TurtleCoin (TRTL) mining, and this particular campaign has been active for at least four months.

The team first detected the scam back in April and was able to identify its origins and track its growth. Their research shows the malware may have “infected up to 50,000 Windows MS-SQL and PHPMyAdmin servers over the past four months,” with over 700 new victims being pulled into the scam net every single day.

According to the researchers, the malware bears hallmarks of an attack emanating from China, or Chinese speakers, after Chinese language strings were identified in log files and binaries.

In their research, Guardicore Labs said the targeted servers already spanned systems across a number of key industries.

“Breached machines include over 50,000 servers belonging to companies in the healthcare, telecommunications, media and IT sectors. Once compromised, the targeted servers were infected with malicious payloads. These, in turn, dropped a crypto-miner and installed a sophisticated kernel-mode rootkit to prevent the malware from being terminated,” according to the report.

Their findings show the majority of victims to be located in China, India and the United States, with the suggestion that victims in as many as 90 countries may have been affected.

Interestingly, the report confirms that organizations are still exhibiting basic security weaknesses, saying “this campaign demonstrates once again that common passwords still comprise the weakest link in today’s attack flows.”
