After suffering through rampant ransomware attacks, the internet is now being overrun by a new category of threats caused by cryptocurrency miners. As cryptocurrencies take hold and their prices fluctuate, hackers seeking a profit are moving towards CPU-mining to utilize an unassuming victim’s system resources without permission.
Bitcoin cryptocurrency and worldwide payment system was the first decentralized digital currency, meaning the system works without a central bank or single administrator. Cyber-attackers are taking advantage of these intangible digital currencies, and because Bitcoin transactions can’t be traced, they leave no trail which creates a very real security problem.
The bitcoin network is peer-to-peer and transactions take place directly between users, without any intermediary. These transactions are verified by volunteer network nodes using cryptography, and each transaction is recorded in a publicly distributed ledger called a Blockchain.
The cryptography involved is extremely CPU-intensive, and the volunteer network nodes may receive a fee, or they may be randomly awarded a bounty for completing transactions. Hashes are generated and submitted for the attacker’s crypto currency account on pool websites.
The Cryptocurrency Threat Landscape
Recently our company came across a new type of crypto miner in which the famous Trojan downloader Quant Loader – downloaded from a malicious website redirected from a malicious advertisement campaign – drops a Monero (XMR) cryptocurrency miner into the victim’s machine.
In one common example, your system could become infected by what’s known as Ngay’s Monero miner. If you notice that your system is working slower than expected, open Windows Task Manager and see if “notepad.exe” process is utilizing 100% CPU, despite the fact that you are not using Notepad. If it is, then your system is likely infected from Ngay’s Monero miner.
In another recent scary case, some government websites were hacked by a plugin injected with a digital coin miner. Thousands of websites relying on the Browsealoud plugin recently fell prey to a hack that secretly ran a cryptocurrency mining script in the background of visiting PCs. The altered Browsealoud plugin began mining Monero on more than 4,200 websites worldwide, including many governments and other organizations.
Plug-in content is usually hosted on a remote server, and it gets sent to the target web page through a secure connection. As there is no system to authenticate the content, someone with access can inject malicious code. As a result, any websites using the plug-in would serve up the malicious content while still registering the server as secure.
Therein lies the root problem: many people wrongly assume that digital currencies are somehow more secure than regular financial transactions, but the truth is that cryptocurrencies are riskier because no authorized regulatory bodies exist to regulate these digital financial transactions.
This false sense of security is a problem because it lulls people into taking the wrong actions that play directly into the hackers’ plans. While some of these attacks harvest bitcoins from a victim’s account, others simply con the victim into giving their bitcoins to the thief.
In addition, larger state-sponsored hacks of cryptocurrencies are often intended to cause widespread market chaos that serves to disrupt the Bitcoin ecosystem, thus increasing economic instability and risk around the globe.
As society’s dependence on cryptocurrencies continues to increase, we will see more and more social engineering attacks being used to successfully steal digital coinage. The only way to protect ourselves against these new types of attacks is to implement technologies that can identify and safeguard us against social engineering attacks.
No amount of user training and awareness will ever solve this problem; that’s why having the right technical solutions in place is a must.
If you found this article insightful, why not watch our #InfosecWebinar on Malware in IoT, Crypto-coins & Smart Devices