Understanding cryptomining, a new malware variant


Last year, ransomware dominated the headlines worldwide, with the WannaCry and Petya attacks causing damage to many individuals and organizations.

With new variants appearing every day, malware has become fast, brutal and instantly

Advanced cyber criminals have now turned to cryptocurrencies. They covertly infect users' computers with software that performs the calculations needed to generate cryptocurrency, i.e. digital money that uses cryptography to secure online transactions without the need for banks (for example Bitcoin, Monero and Ethereum). The crooks keep any cryptocoin proceeds for themselves.

This process is referred to as cryptomining. Criminals hijack other people's machines because making any real money from coinmining requires massive amounts of processing power; on the victim's machine that translates into degraded performance and extra wear and tear on the hardware.

According to a Sophos article on cryptomining, unlike ransomware, cryptominers don't encrypt users' files; victims can still access their data, which makes cryptomining sound almost fair by comparison.

However, the victims' computers will probably be annoyingly slow, the fans will be roaring all the time and the battery will run down faster than usual.

On mobile devices these attacks can be more serious: the continuous, very heavy processor usage drains the battery and, over time, can cause permanent damage to the device.

Until recently, cryptomining wasn't much of a problem, because the activity was largely limited to those who chose to do it on their own hardware. That began to change as cryptocurrency prices skyrocketed.

A single Bitcoin was worth about $1,000 at the start of 2017 and around $17,000 by year's end. Cyber thieves took notice and started using cryptominers to make money.

For instance, JavaScript miners such as the one from Coinhive are added to websites and run in the browser, using visitors' CPUs to generate cryptocurrency. Users may notice poor performance, a spike in CPU usage and batteries draining faster than usual.

"Evolving malware continuously forces us to evolve our defences to try to close all attack vectors used by bad guys like cryptominers, who take advantage of computing users and organizations," says Harish Chib, Vice President Middle East and Africa, Sophos.

He added, "They do this because, to make any real money with coinmining, one needs a lot of electricity to deliver a lot of processing power on a lot of computers.

So they can either rent space in giant coinmining server farms, for example in Iceland, where electricity is cheap and the weather is cold enough to keep computers from melting down, or they are forced to steal other people's electricity, processing power and air conditioning by using malware to sneak cryptominers into their networks and browsers."

Legitimate cryptomining programs ask users for permission to run. Malicious versions don't, opting instead to quietly leech a computer's resources. SophosLabs is seeing more of the latter variety, with a new twist:

Increasingly, SophosLabs is seeing cryptominers designed to hide from users. Instead of showing up as executable files on disk, they take the form of scripts embedded in web pages, mining for cryptocurrency inside the browser for as long as the page stays open.

Without permission, these miners tap into the victim's CPU and use its processing power to mine digital currency. Visitors to these sites see no evidence of the mining; the only clues that something may be amiss are the computer slowing down and its fans revving up.

Malicious miners are most typically hidden on third-party web pages and in Android apps.
Bitcoin has been the bad guys' currency of choice, but Monero is becoming a lot more popular for mining: its mining algorithm is designed to run on ordinary CPUs, whereas mining Bitcoin is only worthwhile on specialised hardware, so a botnet of everyday computers and browsers can actually earn something with Monero.

Ironically, a lot of coinmining software advises users not to bother running it on mobile phones, because the computing power of a mobile device isn't sufficient for decent results, so the costs outweigh the benefits.

Well, the crooks don't care, according to a technical report published by SophosLabs.

The report states that cybercriminals are willing to put a lot of effort into getting their cryptomining code accepted into the Google Play Store, and thus to have it "blessed" with Google's imprimatur.
