Armed with NSA-grade hacking tools, cybercriminals continue to exploit a new plague of cryptocurrency-related malware, months after the infamous leak. How do you protect yourself?
Cloud security startup RedLock has found that insurance company Aviva and Gemalto, which is ironically a digital security company, had a parasitic bot running on their Amazon Web Services (AWS) servers. The bot had been executing a bitcoin mining command, effectively freeloading on the multi-billion dollar, multinational companies’ processing power and raking in the profits without having to pay the electricity bill.
According to RedLock, such breaches are becoming common not only on AWS, but across Microsoft Azure and Google Cloud as well, and could have easily been avoided if it weren’t for negligent systems administrators. Fortunately, the hackers weren’t interested in stealing any data. They just wanted to mine bitcoins without having to foot the bill.
The NSA nightmare
The malware is highly likely based on one of the tools allegedly originating from the US National Security Agency (NSA)—the same one used by the botnet “Adylkuzz,” which made tens of thousands of dollars by infecting computers and secretly using them to mine Monero altcoins (XMR).
In April this year, a group called the Shadow Brokers leaked a variety of hacking tools from the NSA, which included malware and viruses capable of freezing and taking control of anyone’s computer. The tools are allegedly used by the NSA to spy on its targets. Not surprisingly, the disturbingly powerful malware has ended up in the wrong hands and is now being used to benefit malicious entities.
Armed with NSA-grade hacking tools, these hackers can lock you out of your own computer and control the system remotely. And all you can do is watch. If you’re working on a deadline, you’d also probably want to cry. Insultingly, one of these tools is ransomware called WannaCry.
The infamous WannaCry, which largely targets computers running Windows 7, managed to rapidly infect 10,000 organizations including the National Health Service (NHS) and FedEx, totalling over 400,000 computers in 150 countries—the biggest ransomware outbreak in the world. Although the worldwide spread of WannaCry was halted through a surprisingly simple mechanism, the repercussions of the NSA leak are obviously not over. And they probably won’t be for a while.
Because of the anonymous nature of blockchain-based transactions, they are quite conducive to criminal activity. The profitability of mining has ushered in a new modus operandi, a new agenda for hackers. Unlike identity theft and ransom, using victims’ computers to secretly mine cryptocoins has a better guarantee of profits. It does seem, after all, a more lucrative way to profit than blackmailing users—the only time the profit stops is when they are purged. But first, they need to be found out.
How do you protect yourself?
According to Russian antivirus vendor Dr.Web, which was the first to detect the virus known as Trojan.BtcMine.1259, the bitcoin mining Trojan is quite smart: it knows to shut itself off when the user opens Task Manager, thus remaining undetected. Some are even fileless, so a search for malicious files turns up nothing. But fortunately, there are ways to find out if your computer is infected. Apart from the obvious lagging that mining will cause on your processor, common antivirus and anti-malware software are apparently able to detect them.
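Because the Trojan described above goes quiet the moment Task Manager is open, an interactive glance at CPU usage can miss it; a background sampler that records CPU per process together with whether Task Manager is visible can catch the drop-off instead. The following is an added illustration of that heuristic, not code from the article or from Dr.Web: the telemetry is constructed inline (the process names and numbers are invented), and in practice the samples would come from a scheduled collector such as psutil or Windows performance counters.

```python
from statistics import mean

# Constructed telemetry: (tick, process, cpu_percent, taskmgr_visible).
# Task Manager is open during ticks 4 and 5 only. "updater.exe" is an
# invented name standing in for a miner that pauses when watched.
SAMPLES = [
    (1, "svchost.exe", 3.0, False), (1, "chrome.exe", 41.0, False), (1, "updater.exe", 96.0, False),
    (2, "svchost.exe", 4.0, False), (2, "chrome.exe", 38.0, False), (2, "updater.exe", 94.0, False),
    (3, "svchost.exe", 2.0, False), (3, "chrome.exe", 40.0, False), (3, "updater.exe", 97.0, False),
    (4, "svchost.exe", 3.0, True),  (4, "chrome.exe", 39.0, True),  (4, "updater.exe", 1.0, True),
    (5, "svchost.exe", 2.0, True),  (5, "chrome.exe", 42.0, True),  (5, "updater.exe", 0.0, True),
    (6, "svchost.exe", 3.0, False), (6, "chrome.exe", 37.0, False), (6, "updater.exe", 95.0, False),
]


def cpu_profile(samples, name):
    """Mean CPU of `name` while Task Manager is hidden vs. while it is visible."""
    hidden = [cpu for _, p, cpu, tm in samples if p == name and not tm]
    visible = [cpu for _, p, cpu, tm in samples if p == name and tm]
    if not hidden or not visible:
        return None  # no evidence for one of the two states; cannot judge
    return mean(hidden), mean(visible)


def suspicious_processes(samples, min_hidden_cpu=50.0, min_drop=40.0):
    """Flag processes that burn CPU unattended but collapse when Task Manager is up.

    A busy but honest process (a browser, a build) keeps roughly the same load
    in both states, so it is not flagged even if its load is high.
    """
    flagged = []
    for name in sorted({p for _, p, _, _ in samples}):
        profile = cpu_profile(samples, name)
        if profile is None:
            continue
        hidden, visible = profile
        if hidden >= min_hidden_cpu and hidden - visible >= min_drop:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    print("processes that go quiet when watched:", suspicious_processes(SAMPLES))
```

A hit from this heuristic is a reason to check the process with an antivirus scan, not proof on its own; a legitimate program that throttles itself on user activity would look similar.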
If you are unlucky enough to have already been infected, there is still hope. There are video tutorials on how to manually get rid of these parasites. Around 98% of those infected by WannaCry are Windows 7 users. This isn’t a guarantee that other operating systems are safe, however.
As is the case with most malware and viruses, never open attachments and links unless you’re sure what they are—even when they are sent by people you know. Some of you may remember a time when you would occasionally receive an email from a friend that contained nothing but a link. When asked, the friend had no recollection of sending it, because they never had. By default, never open files and links unless you’re sure they are safe.
This includes chat applications. According to Russian multinational cybersecurity and anti-virus provider Kaspersky Lab, a bitcoin mining Trojan was also circulating through links accompanying messages meant to build intrigue on Skype. Fake Amazon notifications were also used to spread the virus through email.
As a safety measure, don’t be quick to click on invites to participate in ICOs either. As this practice becomes (potentially) highly lucrative, a lot of people are jumping in on the trend—including hackers. So what may seem like a harmless link to a coin launch could very well turn out to be a malicious trick.
As mentioned earlier, arming your computer with antivirus and malware protection software would be a great defense. And if you’re still not confident in all these security measures, you can always switch to Mac.