In the last six months, approximately 644,000 computers were attacked each month by cryptocurrency-mining malware. This data comes from a report published this week by Windows Defender Research. The attackers used multiple strategies to infect the targeted computers.
According to Microsoft Secure, malware attacks related to cryptocurrency mining increased between September last year and January this year. This increase coincides with a decrease in the volume of ransomware attacks. The company thinks this shows a shift of focus by some of the hackers, who decided to monetize their activities through attacks on the cryptocurrency ecosystem.
The attacks are characterised as trojanized because of the way they operate, which is similar to banking trojans. However, they include some variants, such as the use of exploits or self-distributing malware. An exploit is a fragment of code that takes advantage of security vulnerabilities and is used by hackers to compromise the security of a system.
The report warns about two strategies used to install the mining malware. The first is a downloadable Word file, detected as a trojan, which executes a modified version of XMRig, mining software used to mine Monero. The second uses a file called flashupdate, which masquerades as Flash Player and is downloaded through links in spam campaigns and on malicious websites from the flashplayer chain. This file also runs the XMRig software.
Other forms of mining attack include injecting malicious code into the notepad.exe file and malicious PowerShell scripts that add a scheduled task to run the miner every time the computer is turned on.
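A defender can check for the startup-task persistence described above by reviewing exported task definitions. The following is an added example, not code from the report: it parses Task Scheduler XML (as produced by `schtasks /query /xml`) and flags tasks that run at boot or logon and launch hidden or encoded PowerShell or a miner-like command line. The indicator patterns and the sample tasks are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Triggers that fire at startup or sign-in ("every time the computer is turned on").
STARTUP_TRIGGERS = ("BootTrigger", "LogonTrigger")
# Heuristic indicators (assumptions; tune them for your environment).
SUSPICIOUS = {
    "powershell-hidden-or-encoded": re.compile(
        r"powershell(\.exe)?\b.*(-w(indowstyle)?\s+hidden|-e(nc(odedcommand)?)?\s)", re.I),
    "mining-pool-url": re.compile(r"stratum\+(tcp|ssl)://", re.I),
    "xmrig-name-or-flag": re.compile(r"xmrig|--donate-level", re.I),
}

def audit_task(xml_text):
    """Return sorted indicator names for a boot/logon task, or [] if nothing applies."""
    root = ET.fromstring(xml_text)
    triggers = root.find("t:Triggers", NS)
    if triggers is None or not any(
            triggers.find(f"t:{name}", NS) is not None for name in STARTUP_TRIGGERS):
        return []  # not a startup/logon task, so out of scope for this check
    hits = set()
    for action in root.findall("t:Actions/t:Exec", NS):
        cmdline = " ".join(
            action.findtext(f"t:{tag}", default="", namespaces=NS) or ""
            for tag in ("Command", "Arguments"))
        hits.update(name for name, rx in SUSPICIOUS.items() if rx.search(cmdline))
    return sorted(hits)

def _task(trigger, command, arguments):
    """Build a minimal task definition; used only for the constructed samples below."""
    return (f'<Task xmlns="{NS["t"]}"><Triggers><{trigger}/></Triggers>'
            f'<Actions><Exec><Command>{command}</Command>'
            f'<Arguments>{arguments}</Arguments></Exec></Actions></Task>')

# Constructed sample tasks (not taken from the report).
SAMPLES = {
    "updater": _task("LogonTrigger", "powershell.exe",
                     "-NoProfile -WindowStyle Hidden -EncodedCommand PLACEHOLDER"),
    "miner": _task("BootTrigger", r"C:\Users\Public\flashupdate.exe",
                   "-o stratum+tcp://pool.example:3333 --donate-level 1"),
    "backup": _task("CalendarTrigger", "robocopy.exe", r"C:\data D:\backup /MIR"),
}

if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        print(name, audit_task(xml_text) or "ok")
```

A hit is a reason to inspect the task and the file it launches, not proof of infection; administrators also schedule hidden PowerShell for legitimate jobs.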
As the cybersecurity company RedLock published in its report, Windows Defender also points out that cryptojacking has increased recently. Cryptojacking is used especially by fake tech support websites that make it difficult to close the web browser because it is executing a mining script in the background. In this way, the malicious scripts use the computer’s resources to mine cryptocurrencies on behalf of the hackers. These scripts are also used on websites with video content. YouTube, the largest video platform in the world, was also a victim of these attacks when it was discovered that malicious software called CoinHive was used in ads shown on YouTube.
The term cryptojacking comes from cryptography and hijack, and refers to the unauthorized use of computers or smartphones to mine cryptocurrencies.
On the other hand, there is legitimate web mining executed without the official authorization of the websites involved. This type of unauthorized mining also mines cryptocurrencies at the expense of the processors of the website's visitors, even when the web browser is closed. This situation caused inconvenience for users and provoked a debate.
Web mining of cryptocurrencies is very popular these days and, malicious uses aside, it has become a business model for websites such as Salon.com. This website uses CoinHive to mine cryptocurrencies on the web, but with the authorization of its visitors.