Palo Alto Networks, a cybersecurity company, issued a report about the use of the XMRig malware for the web mining of a cryptocurrency called Monero over the last four months.
According to the company, the malware mines Monero using the CPU of infected computers without the authorization of their owners. It is estimated that between 15 and 30 million computers around the world have been infected by this malware. South America is one of the most affected areas, along with Asia and North Africa. Nevertheless, no one knows with certainty how much money the hackers earned using the malware for web mining.
Palo Alto Networks explained that the new malware infects computers through URL-shortening websites such as Bitly and Adfly. The malicious files are disguised as EXE executable files. When someone downloads and executes such a file, the malicious software is installed and the computer becomes infected.
In this case, the malware does not use more than 20% of the CPU power of the infected computers to mine Monero, according to Josh Grunzweig, a malware investigator from Palo Alto Networks. This way the computer is not slowed down too much, which keeps the user from suspecting that the computer is infected and being used for illegal web mining of cryptocurrencies. Furthermore, the code of the malware contains references to NiceHash, a popular website used for the purchase and sale of computing power for cryptocurrency mining, which means the hackers might be more interested in selling the processing power of the infected computers than in mining Monero directly.
Grunzweig said: “In our investigation we have seen the attackers using NiceHash as a market where they sell the processing power of the computers infected with XMRig.”
Unfortunately, the theft of processing power is becoming more and more frequent. Monero is the favorite cryptocurrency of the hackers due to its anonymity and the ability to be mined without using too many resources. The list of websites using malware to mine Monero with the processing power of their visitors is getting longer. Furthermore, a new malware called WannaMine, used to mine Monero, has been gaining popularity recently. This malware slows down the hijacked computers to the point where it makes them unusable for anything else.