Welcome to IT 101, where the experts at 2W Tech will tackle a hot topic in the IT industry and break it down for educational purposes. Malware is software that enters a computer system without the user’s knowledge or consent and then performs an unwanted and usually harmful action. Not all cybercrimes are created equal, so you should know how your IT infrastructure can be attacked in order to know how to defend yourself. This knowledge also comes in handy in the unfortunate event of a breach.

# The state of malicious cryptomining

While cryptocurrencies have been around for a long time and used for legitimate purposes, online criminals have certainly tarnished their reputation. Unfortunately, the same benefits offered by these decentralized and somewhat anonymous digital currencies were quickly abused to extort money, as was the case during the various ransomware outbreaks we’ve witnessed in the last few years.

As the value of cryptocurrencies—driven by the phenomenal rise of Bitcoin—has increased significantly, a new kind of threat has become mainstream, and some might say has even surpassed all other cybercrime. Indeed, cryptocurrency mining is such a lucrative business that malware creators and distributors the world over are drawn to it like moths to a flame.

Malwarebytes has been blocking coin miners with its multiple protection modules, including our real-time scanner and web protection technology. Ever since September 2017, malicious cryptomining has been our top detection overall.

# Cryptomining malware

To maximize their profits, threat actors are leveraging the computing power of as many devices as they can. The emergence of a multitude of new cryptocurrencies that can be mined by average computers has also contributed to the widespread abuse we are witnessing.

In recent times, we saw individuals who, against their better judgement, took this to the next level by using supercomputers in various () environments.

As it turns out, servers happen to be a favorite among criminals because they offer the most horsepower, or to use the proper term, the highest hash rate to crunch through and solve the mathematical operations required by cryptomining. But first, they must find ways to deliver the malicious coin miners on a large enough scale.

While the Wannacry ransomware was highly publicized for taking advantage of the leaked EternalBlue and DoublePulsar exploits, at least () used those same vulnerabilities to infect hundreds of thousands of Windows servers with a cryptocurrency miner, ultimately generating millions of dollars in revenue.

_Figure 1: Worm scanning random IP addresses on port 445_

Other vulnerabilities, such as a flaw with Oracle's WebLogic Server (()), were also used to deliver miners onto servers at (). While Oracle released a () in October 2017, many did not apply it in a timely fashion, and a () only facilitated widespread abuse.

# Spam and exploit kits campaigns

Even malware authors have caught the cryptocurrency bug. Existing malware families like Trickbot, distributed via malicious spam attachments, temporarily added in a ().

Interestingly, the Trickbot authors had already expanded their banking Trojan to () as they logged into their electronic wallet. The modular nature of their malware is certainly making it easier for them to experiment with new schemes to make money.

_Figure 2: Document containing macro that downloads the TrickBot malware_

Several exploit kits, and () in particular, have been distributing miners, usually via the intermediary of the SmokeLoader malware. In fact, cryptominers are one of the most commonly served payloads in drive-by download attacks.

_Figure 3: An iframe redirection to RIG EK followed by a noticeable coin miner infection_

# Mobile and Mac cryptominers

Mobile users are not immune to cryptomining either, as () are also commonplace, especially for the Android platform. Similarly to Windows malware, malicious APKs tend to have modules for specific functionalities, such as SMS spam and, of course, miners.

_Figure 4: Source code for the mining component within an Android APK_

Legitimate mining pools such as () are often used by those Android miners, and the same is true for (). The usual advice on sticking to official websites to download applications applies but is not always enough, especially when ().