Cybercrime Evolution: 2017 is for Ransomware, while 2018 is for Cryptojacking Malware

The growth of Bitcoin and its derivative cryptocurrencies has expanded people’s view of what cryptocurrency really is: a new representation of real-world money. We used to associate money with currency, physical paper or metal coins that represent value, but it is now stored as a file on our computers or smart devices. However, not everyone in this space is interested in trading cryptocurrencies honestly; some would rather ‘criminally profit’ from our devices. This new method of earning a profit is the byproduct of cybercriminals’ entry into the cryptocurrency craze that has taken the world by storm over the last five years.

Cryptojacking malware is a new strain of unwanted software that silently installs itself on a computer in order to mine crypto-coins in the background, stealing CPU/GPU cycles without the user realizing it. The danger of cryptocurrency mining malware is not obvious at the onset, because unlike ransomware its goal is not to demand ransom money from its victims. Its danger lies in long-term damage to the components of the machine: abnormal levels of wear and tear make its useful life shorter than its expected service length. Cryptojacking malware forces the PC to spend its GPU/CPU cycles mining cryptocurrency, so in effect the machine is never idle. This raises core temperature, which means higher electricity costs and a greater risk that the machine will need repairs and be retired earlier than normal.

Ransomware defined 2017, while cryptojacking defines 2018, a year in which cybercriminals have made a huge innovation in their technology. Even browsing an innocent-looking website can infect an unpatched browser with a cryptojacking hooking script, which enables the malware to run silently on top of the browser. The demand for CPU/GPU cycles makes the computer consume more electrical power than it would in normal use. The owner of a computer infected with cryptojacking malware will end up paying a higher electricity bill in the billing cycle following the infection date.

“[In the first half of the year] we have seen 2.4 million instances of this attack, which is booming among black hat hackers. The more computing power they can hijack, the faster they can mine, which is also giving rise to fights between different attackers trying to gain control of as much of a user’s CPU as possible,” said Josu Franco, Panda’s Technology and Strategy Consultant.

The mainstream release of a modern browser feature named WebAssembly, when paired with enabling JavaScript code, creates a very friendly environment for developing browser-based malware. By leveraging the regular traffic of an infected site, attackers make visitors with outdated but working WebAssembly-enabled browsers join a botnet that collectively mines cryptocurrency, most especially Monero. Cryptojacking malware can also infect mobile phones through fake apps. These modified apps behave like standard apps, but in the background they mine cryptocurrency, overworking the smartphone's or tablet’s SoC, so the device shows shorter battery life and generates a lot of heat. Cybercriminals are also experimenting with malware that infects IoT devices, which offer all the advantages of a smartphone or tablet but usually run 24/7 at home.

“One of the first cases seen in the field of IoT was HiddenMiner, a piece of malware that got onto mobile devices via applications downloaded from unofficial, third-party app stores. A feature that makes it so dangerous is that, in older versions of Android, it is almost impossible to get rid of. In addition, once on a device, it uses all the device’s resources, making it overheat or even crash. Users should also take note of a serious slowdown of the device. To fight these threats, business leaders need to develop a comprehensive cyber security strategy that includes next-generation endpoint detection and response technology to provide visibility and control of the network, as well as developing policies and procedures that govern user behaviour,” concluded Franco.

It is very important to minimize the sideloading of apps and to download them only from the official app stores. Updating operating systems and browsers is also a very effective way to prevent malware from infecting your PC, smartphone or tablet. End users are expected to practice common sense: a little housekeeping, such as applying regular updates, is a must for keeping personal computing free from software nasties like malware.
