infected with cryptocurrency mining malware

The rapid popularity of Bitcoin and the emergence of about 1500 other digital coins or tokens have drawn more hackers into the red-hot cryptocurrency space, expanding opportunities for crime and fraud. Criminals have been injecting websites with scripts to mine the Monero cryptocurrency. Nearly 50k sites have had such scripts inserted. Cybercriminals always follow the money, and right now they see unregulated and unsecured currencies as a way to target people and businesses and earn money quickly and easily. About 5,541 WordPress websites were infected with malware as part of cryptojacking campaigns alone. Nearly 50000 sites were found to host cryptocurrency mining malware.

Digital currencies have proliferated into a larger asset class worldwide over the last two years. With weekly launches of alternative coins, called altcoins, cybercriminals have developed several ways to defraud cryptocurrency holders; as a result, cryptojacking, account takeovers and scams against initial coin offerings have all increased. Cryptocurrency mining has become one of the lucrative industries. Monero, for instance, is more easily mined on CPUs (central processing units) than on GPUs (graphics processing units). Website owners have adopted JavaScript-based mining scripts to generate revenue. Cryptocurrency miners are frequently configured to max out the CPU capacity of a given device, so mining via scripts embedded in web pages is parasitic regardless of the website owner's intent.

Embedding JavaScript miners in websites has also attracted the interest of criminals. Criminals have begun exploiting cross-site scripting and other vulnerabilities to inject mining scripts into sites and illicitly generate funds. These types of attacks have been rising constantly. According to Mursch’s investigation, 48,953 websites were found to have coin mining scripts, of which 39,925 (81.6%) used Coinhive. These websites share a total of six unique Coinhive sites, suggesting that their inclusion is not an active decision by website owners; rather, they were added to the websites by other means, likely through vulnerabilities in WordPress itself or through a plugin.
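The grouping logic behind that observation can be sketched as follows. This is an added example, not code from Mursch's investigation; it assumes the shared identifier is the site key passed to the Coinhive miner constructor, and all hosts and keys in it are constructed placeholders.

```python
import re
from collections import defaultdict
from html.parser import HTMLParser

# Loader URL and miner constructor in the form Coinhive documented for embedding.
MINER_SRC = re.compile(r"//coinhive\.com/lib/", re.I)
SITE_KEY = re.compile(r"CoinHive\.(?:Anonymous|User|Token)\(\s*['\"](\w+)['\"]")

class MinerFinder(HTMLParser):
    """Collects miner loader URLs and site keys from one HTML document."""
    def __init__(self):
        super().__init__()
        self.loaders, self.keys, self._in_script = [], set(), False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src") or ""
            if MINER_SRC.search(src):
                self.loaders.append(src)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # only script bodies, not visible page text
            self.keys.update(SITE_KEY.findall(data))

def group_by_site_key(pages):
    """Map each site key to the sorted hosts whose pages load the miner with it."""
    groups = defaultdict(list)
    for host, html in pages.items():
        finder = MinerFinder()
        finder.feed(html)
        if finder.loaders:  # require the loader so stray strings do not count
            for key in finder.keys:
                groups[key].append(host)
    return {key: sorted(hosts) for key, hosts in groups.items()}

# Constructed sample pages: hosts and keys are placeholders, not real indicators.
PAGES = {
    "shop.example": "<script src='https://coinhive.com/lib/coinhive.min.js'></script>"
                    "<script>new CoinHive.Anonymous('EXAMPLEKEYAAAA').start();</script>",
    "blog.example": "<script src=\"//coinhive.com/lib/coinhive.min.js\"></script>"
                    "<script>var m = new CoinHive.Anonymous(\"EXAMPLEKEYAAAA\"); m.start();</script>",
    "news.example": "<script src='https://coinhive.com/lib/coinhive.min.js'></script>"
                    "<script>new CoinHive.User('EXAMPLEKEYCCCC', 'u1').start();</script>",
    "clean.example": "<p>CoinHive.Anonymous('EXAMPLEKEYBBBB') is discussed in this text.</p>",
}

if __name__ == "__main__":
    for key, hosts in group_by_site_key(PAGES).items():
        print(key, len(hosts), hosts)
```

A key that appears on many unrelated hosts points to a single party collecting the proceeds, which is the signal that the script was injected rather than added by each owner.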

Cryptojacking is becoming more popular among criminals, and proactive protections are available to safeguard against the attacks. Opera blocks cryptojacking by default. For Chrome and Firefox, Troy Mursch (the author of the Bad Packets Report) has recommended the Miner Block extension. Web-based mining attacks are only one component of criminals mining the Monero cryptocurrency through malware attacks. Attacks targeting Android devices, Microsoft Word and Telegram were also recently discovered. Cybercriminals have also recycled the EternalBlue exploit developed by the NSA, which was used to create the mining botnet “Smominru”.
