SophosLabs has published a report on how hackers are distributing a new mining malware across the web. The Mal/Miner-C malware hijacks a computer and allows malicious individuals to mine Monero with the victim’s processing power.
SophosLabs Researches a New Exploit That Borrows CPU Power to Mine Monero
A new paper, authored by Attila Marosi, details how the Mal/Miner-C malware infects a computer and borrows its CPU power. Monero is the chosen vehicle for this mining malware, due to its ability to be mined by standard CPUs. The most valuable cryptocurrency, bitcoin, is not a viable candidate for these kinds of malware, since its hashing difficulty has become so high in recent years.
Because Monero and other cryptocurrencies can still be mined with CPUs, they have become an efficient source of revenue for hackers, alongside other tools such as ransomware.
Attila Marosi, Senior Threat Researcher at SophosLabs, explains:
The idea was perfect from the criminal’s point of view, but as time went on the average PC was no longer powerful enough to mine even a single coin. It was time to give up on this type of attack and turn the attention to other ways to make money, like ransomware. Recently a new malware family has found a way to use PCs efficiently to mine new types of cryptocurrency.
Marosi details that with Monero’s rise in popularity, criminals have started to spread the new malware payload. The researcher explains that, based on tests, the modern CPU can calculate 50-1500 hashes per second. If multiple CPUs are pooled, such mining can be quite lucrative. Marosi says that attackers wielding the malware often use Moneropool — a mining community based on a mining framework called “node-cryptonote-pool” — to combine their stolen resources.
Cybercriminals Prefer Everyone, Both Big and Small
The SophosLabs associate says the problem is more profound than people realize. Marosi explains that individuals and corporate entities should take their security settings more seriously with these types of attacks on the rise. Cybercriminals are interested in profiting off of everyone, and these forms of malware will only proliferate from here on out.
Marosi concludes the research assessment of the SophosLabs paper by saying:
More than 70% of the servers where write access was enabled had already been found, visited and “borrowed” by crooks looking for innocent-sounding repositories for their malware. If you’ve ever assumed that you’re too small and insignificant to be of interest to cybercriminals, and thus that getting security settings right is only really for bigger organizations, this should convince you otherwise.
Since Monero has grown extremely popular due to its privacy techniques and black market acceptance, this new mining malware may become more prevalent as time goes on. Marosi says the attacks will continue, and suggests that users take the necessary precautions while browsing the web, making sure computers are up to date with strong security features.