Data Security

Interpol hacks cryptomalware that infected millions of routers worldwide

Interpol, in collaboration with other agencies, has dealt a severe blow to cybercrime in Asia. The international agency announced the successful conclusion of Operation Goldfish Alpha, which was supported by the information security firm Trend Micro as well as law enforcement agencies and incident response teams in more than 10 countries. The operation focused on eliminating Coinhive, a cryptocurrency mining malware (aka cryptomalware), which was eradicated from nearly 20k routers.

For half a year, the Interpol Global Complex for Innovation (IGCI) worked to detect and remove this malware variant from hundreds of thousands of MikroTik routers, which suffered large-scale infections in multiple Asian countries, such as Brunei, Cambodia, Indonesia, Malaysia, the Philippines, Singapore and Thailand.

Moreover, Trend Micro information security experts prepared a number of guidance documents for victims of cryptocurrency mining malware, so thousands of users learned to update their routers and uninstall the malware. Operation Goldfish concluded at the end of 2019, although thousands of infected devices remain in Asia and the rest of the world.

The international agency estimates that this
operation managed to eradicate about 18% of Coinhive infections worldwide, so
it is expected that the current number of routers running this cryptomalware
will not exceed 110k units, which have not been updated by their
administrators.

It should be remembered that this attack, known as cryptojacking, depends on the processing power of the infected machines. Because a router represents minimal computing power, hackers must compromise tens of thousands of routers to achieve the processing power equivalent to a network of a few computers.

According to information security specialists, their weak security settings, in addition to their worldwide use, make routers one of the main targets of threat actors that use cryptojacking to generate profits. Although the revenue generated by this attack is not high, very few resources are required to infect tens of thousands of devices, making it a very lucrative attack variant.

The number of cryptomalware infections has decreased over the last two years, as the latest antivirus tools are able to identify these malicious programs. However, an information security report from the International Institute of Cyber Security (IICS) states that threat actors have not stopped and keep developing new and more efficient methods of infection.

Last year, malicious hackers demonstrated their ability to reinvent themselves, developing infection methods based on steganography that allow them to hide malicious software in images, PDF files and even WAV-format audio samples in order to evade detection by antivirus software and infect as many devices as possible. Whether they are used to deploy cryptojacking campaigns or to create gigantic botnets useful in other attack variants, experts consider it highly likely that steganography-based attacks will reach record activity levels during 2020.
