Cryptocurrency mining malware has been rampant in the past few months. After hitting record levels in late 2017 and early 2018, this type of malware seemed to decline in late 2018. For a few months it looked as if cases of cryptojacking were dwindling, with some popular services like Coinhive even shutting down earlier this year.
The decline in crypto mining malware came about at a time when the crypto industry was facing a bloodbath. The prices of most cryptos were more than 80% below their previous record highs in what came to be described as the crypto winter. However, the market made a great comeback this year, and so did crypto mining malware.
McAfee Labs confirmed the rise in cryptojacking campaigns in their August Threat Report. The report indicated that cryptojacking malware had shot up by 29% in the first quarter of 2019.
The malware has continued to evolve, becoming better at avoiding detection and finding more ingenious ways to infect its targets. And while previous malware has only focused on mining crypto, new versions in recent days go a step further and steal crucial data which can be sold on the dark web or used to steal from the victims.
As expected, Monero (XMR) has remained the crypto of choice for cybercriminals. The dark coin offers enhanced anonymity, making it almost impossible to track the criminals. Monero is also easier to mine on a PC compared to many other cryptos that require specialized equipment.
The most recent report of cryptojacking exploits was published just days ago by Cisco Talos Intelligence Group. The report identified a crypto hacking crew known as Panda which has reportedly amassed more than $90,000 worth of crypto from crypto mining malware. Panda distributes its malware through vulnerable web applications. Although its methods of attack are fairly simple, the group has been quite effective, the research found. Panda is suspected to be primarily located in China from the IP locations of its members.
Still in September, TrendMicro revealed in a blog post that a new crypto mining malware was targeting Linux systems. Known as Skidmap, the malware is quite advanced, being able to fake network statistics so as to remain undetected. Even more critically, Skidmap was found to set up a secret master password that grants the attackers unrestricted access to the affected machine.
TrendMicro also reported the re-emergence of a nasty cryptojacking malware known as Glupteba. The malware was first discovered in 2018 but in recent days, it has been found to use the Core Coin (BTC) blockchain to gain an extra level of resilience. In using the blockchain, the attackers sought to ensure that even if all their target servers were taken down, the malware would not go down with them.
In August, security researchers from New York-based Varonis announced the discovery of a strain of crypto mining malware that’s able to avoid detection. Known as Norman, the malware had infected virtually all the machines at an unnamed mid-size company, yet it had managed to remain undetected for a year. Several staff members at the company had reported unstable applications and slow network connectivity, which prompted the researchers to delve deeper and discover Norman.
And it’s not just mining cryptos that interests the attackers, as was witnessed with the Smominru cryptojacking malware. The malware was found to have infected over 500,000 machines globally, stealing valuable user data. Discovered by Carbon Black, Smominru was sending the stolen data to hijacked web servers after which it would be sold in dark web marketplaces.
In June, TrendMicro discovered a new cryptojacking malware that targeted Android devices. The botnet malware was found to exploit Android Debug Bridge (ADB) ports which normally don’t require authentication. After execution on a device, it would then delete its payload files, making it impossible to detect.
Still in June, security researchers from ESET discovered LoudMiner, a malware that targeted people who downloaded cracked music production software. LoudMiner targeted both macOS and Windows users. Since it attached itself to audio software, it was harder to detect, as the increased CPU usage would be blamed on the usually intensive software. Audio software also tends to get a bigger share of system resources, further benefiting the malware.
TrendMicro yet again discovered a notorious crypto mining malware in June which mostly targeted the U.S. and Thailand. The malware was aptly named BlackSquid as it had eight components that allowed it to infect its hosts and mine Monero. BlackSquid attacked its targets through infected web pages, infected network drives and infected web servers.
Cryptojacking is only becoming more widespread as the malware becomes harder to detect. Attackers have also found ways to automate the attacks and at the slightest chance, they are able to attack a device and start mining. With the prices of most cryptos expected to continue rising into the near future, it’s plausible that the attacks will only worsen.
However, it’s not all doom. Cybersecurity experts have continued to find new and better ways to protect their clients against the attacks. Many anti-virus companies now offer protection against most strains of cryptojacking malware. As time goes on and more research is conducted, cryptojacking may just become a thing of the past.